What is the best way to close alert if events are coming with same message key but different Sev.

Rajat Singahl
Tera Contributor

‎08-30-2024 06:17 AM

We have a integration where element managers are pushing the events to servicenow with same message key, but different Severities and there is only one Associated CI. In such scenarios how can we handle Alert creation and Alert Closure?

0 Helpfuls
  • 362 Views
1 REPLY 1

User342536
ServiceNow Employee
ServiceNow Employee

‎09-18-2024 02:13 PM

Hi@Rajat Singahl ,


Please define with your customer, the message key with the one of the following strategies:

 

1- Unique event id

2- Push source, metric_name, type, resource, node fields

3- Define alert severities, based in our severities, and create event field map, if necessary.


Check following docs, for further detail:
https://docs.servicenow.com/bundle/xanadu-it-operations-management/page/product/event-management/con...

 

Kindest Regards,

 

Rodrigo Donnangelo

 

0 Helpfuls