In Event Management we have multiple sources that send events to our ServiceNow instance. Our NOC/SOC-team have a list in Agent Workspace where they have alerts for each source, but they recently found out that when an Alert is grouped into primary and secondary alert, the source name changes into "Group Alert", and the filter then does not find the Alerts.

So, my question is: What's the best way around this? And WHY is the source changing when it's a grouped alert?
I would think that it's quite common to have more than one event source, and also that you might want to filter by source...