@HarshvardhanG 

Yes your understanding is correct. When an event with severity Info or above is received in ServiceNow, it would create an alert. If source sends message key field value, event/alert would be created with this message key. If message key field value is empty  then  Source, Type, Node, Resource, and Metric Name fields are used in created alert.

When an event with severity CLEAR is received with same message key, alert would be resolved. Refer below link for more information on event, alert and incident relationship and how Alert state changes,

https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB0756521

If this helped to answer your query, please mark it helpful & accept the solution.

Thanks,

Bhuvan

@HarshvardhanG 

Did you get a chance to review this ?

If my response helped to answer your query, please mark it helpful & accept the solution.

Thanks,

Bhuvan

Hi @Bhuvan , your response is really helpful and really thanks for the kb article. But I am still not sure why in my system alerts are not closing even if an event is closing or clear.

@HarshvardhanG 

As you can read from knowledge article, there are few scenarios which can lead to alerts not closing even if CLEAR event is received.

Can you share screenshots of PROBLEM event, CLEAR event and Alert & I can see if I can provide more information.

Sample - PROBLEM Event

Corresponding CLEAR Event

Corresponding Alert

If my responses were helpful, please mark the posts helpful & accept the solution.

Thanks,

Bhuvan