Query on filtering Events and Alerts and when to create Incidents

Pranita Bahugun · ‎12-19-2024

Hello everyone,

While implementing event management, in which scenarios below configurations should be done:

Question1:

Incident creations: In which conditions incidents should get created from Alert? Can team directly work on Alerts and monitor on Alerts. What should be the criteria?

Question 2:

Should we bring all the events from source into ServiceNow or events to be filtered at source? What would be the recommended approach?

Any quick help is much appreciated!

Thanks in advance.

Thanks,

Pranita Bahuguni

Sai Chaithanya · ‎12-19-2024

Hi

Question 1 - As alerts are grouping of Events for which Incidents need to be created, Patching or fixing should be done with Incident record as it further related to Change Management. It is not recommended to the cut the flow nor it works holistically. Creation of Incidents for which alerts should be purely based on business requirement.

Question 2 - If your monitoring tool allows you to filter or restrict event at source then that is recommended. If that is not supported you can log all events to ServiceNow as with this approach you can leverage threshold based alert creation.