Event management - finding CI's

kuligof · ‎06-26-2014

I'm interested in knowing more about the new Event management feature in Eureka.

For the Monitoring system - the one that is sending Alert messages to Svc Now - what data must it send to Svc Now so that it can recognize what Configuration Item the Alert is related to? That is, what data field(s) on the CI in the CMDB must be common to the Monitoring system?

sherard · ‎07-03-2014

Ahhhh.....I think I see where the trouble is. I believe it is just the terminology.

So, "Node" in ServiceNow Event Management is what we(Evanios) call the monitored object. Node is kinda misleading.......In our stuff we call it the "ObjectName". But yes, this value would be the primary value/name of the event information coming from the monitored source tool.

For example, if it was a "Host Unavailable" event coming from SCOM tool, you would want the Node field value to represent the hostname/servername.

or if it was a "Router Down" event coming from Solarwinds tool, you would want the Node field value to represent the router/device name.

or if it was a " Oracle Database down" event coming from an Oracle application log, you would want the Node field value to represent the Oracle database name.

In our Evanios process, we call this event Normalization. Sometimes this event data can be anywhere within the monitored tools event stream. And it would need to be mapped or Normalized to have some Common Event Format structure in the Event Management solution. In ServiceNow Event Management, the Node field would map (Normalize) against a particular monitored tools event stream depending on what type of event it is.

I hope I didn't confuse you more. But I hope that helped a bit.

View solution in original post

kuligof · ‎07-03-2014

Thanks Sherard. That is much more helpful. It sounds like it is the CI Name field.