Event management - finding CI's

Go to solution
kuligof
Kilo Explorer

‎06-26-2014 10:10 AM

I'm interested in knowing more about the new Event management feature in Eureka.

For the Monitoring system - the one that is sending Alert messages to Svc Now - what data must it send to Svc Now so that it can recognize what Configuration Item the Alert is related to?   That is, what data field(s) on the CI in the CMDB must be common to the Monitoring system?

0 Helpfuls
  • 2,554 Views
1 ACCEPTED SOLUTION

Go to solution
sherard
Mega Expert
In response to kuligof

‎07-03-2014 11:56 AM

Ahhhh.....I think I see where the trouble is. I believe it is just the terminology.



So, "Node" in ServiceNow Event Management is what we(Evanios) call the monitored object. Node is kinda misleading.......In our stuff we call it the "ObjectName". But yes, this value would be the primary value/name of the event information coming from the monitored source tool.



For example, if it was a "Host Unavailable" event coming from SCOM tool, you would want the Node field value to represent the hostname/servername.



or if it was a "Router Down" event coming from Solarwinds tool, you would want the Node field value to represent the router/device name.



or if it was a " Oracle Database down" event coming from an Oracle application log, you would want the Node field value to represent the Oracle database name.



In our Evanios process, we call this event Normalization. Sometimes this event data can be anywhere within the monitored tools event stream. And it would need to be mapped or Normalized to have some Common Event Format structure in the Event Management solution. In ServiceNow Event Management, the Node field would map (Normalize)   against a particular monitored tools event stream depending on what type of event it is.



I hope I didn't confuse you more.   But I hope that helped a bit.


View solution in original post

0 Helpfuls
10 REPLIES 10

Go to solution
Pradeep Sharma
ServiceNow Employee
ServiceNow Employee

‎06-26-2014 10:15 AM

Hi Frank,



I hope the below wiki article give you some info about it.


Event Management - ServiceNow Wiki



Thanks,


Pradeep Sharma


0 Helpfuls

Go to solution
kuligof
Kilo Explorer
In response to Pradeep Sharma

‎06-26-2014 10:44 AM

Pradeep,


Thanks for pointing me to the Wiki.


I see in the Integrating External Events with Event Management page, it tells me that the Node field is "The physical device or virtual entity that is being monitored.'   It doesn't say if that is an IP Address, Serial Number, or something else.



So, what values need to be passed in the Node field for Svc Now to find the correct CI that the Alert is for?


0 Helpfuls

Go to solution
Pradeep Sharma
ServiceNow Employee
ServiceNow Employee
In response to kuligof

‎06-26-2014 10:50 AM

Hi Frank,



I really don't have an answer to this.


You can post the same in the below thread and I hope someone will answer your question.


Ask The Expert: Discuss The Latest Release from ServiceNow



Please mark your question as answered if it helps



Thanks,


Pradeep Sharma


0 Helpfuls

Go to solution
Pradeep Sharma
ServiceNow Employee
ServiceNow Employee

‎06-26-2014 10:16 AM

Also you can discuss about this in the other thread


https://community.servicenow.com/thread/166299



Thanks,


Pradeep Sharma


0 Helpfuls