Multiple Incidents are created for the same events

mirza_saquib · ‎03-11-2024

Hi

Problem Statement: Multiple incidents are created for the same issue (Disk Warning Usage) through windows cluster; instaed of creating one incident from the cluster they are creating the incidents from all the servers.

What is happening in the System:

When the events are triggering with different message key(source + node (changing every time)) they create an alert and same type of alert group together .

primary Alert is not creating the incidents but the secondary alerts are creating, because the property is not enable and we can not enable the property in which Primary alert create the incident because it is global.

So is there any way to stop creating the incidents on secondary alert for the "Disk Warning" only

AJ-TechTrek · ‎03-11-2024

Hi @mirza_saquib ,

You need to control the using the Alert Management rule for incident creation and I recommend you to look into predictive intelligence for incident.

The rule in my example is configured like this:

The primary is basically the root cause, and the primary are the effected alerts. Another example: "Printer offline" is the primary, and "Print job failed" is secondary. The print job failed events are generated because of the printer offline (root cause).

Refer the Event Correlation.

https://www.servicenow.com/community/montreal-snug/servicenow-incident-reduction-via-event-correlati...

https://www.servicenow.com/community/itom-blog/alert-correlation-advanced-processing-example/ba-p/22...

Please appreciate the efforts of community contributors by marking appropriate response as Mark my Answer Helpful or Accept Solution this may help other community users to follow correct solution in future.

Thanks

AJ

Linkedin Profile:- https://www.linkedin.com/in/ajay-kumar-66a91385/

ServiceNow Community Rising Star 2024

AJ-TechTrek · ‎03-18-2024