Multiple Alert Correlation to Single Incident?

thunt · ‎08-11-2015

Hello all,

I need to find a way to correlate multiple related alerts through SNOW Event Manager into one single Incident form through the Alert related list on the form. Is this possible? I have tried running filters through the Alert -->Incident related list at the bottom of the form to try to put multiple alerts in that list, but I always end up unsuccessful. Has any one implemented this before?

Regards,

BenPhillipsSNC · ‎08-16-2015

Hi Thomas

Yes you can have multiple alerts related to an incident. The way I have seen it done is by using "Incident Alerts" which is a separate application. The wiki for that is here:

Incident Alert Management - ServiceNow Wiki

Thanks

Ben

BenPhillipsSNC · ‎08-16-2015

Actually, that's not necessary. If you just want to associate multiple Alerts to an incident, you need to enter in the incident number on the alert form. So go to the alert and enter the INC# into the "incident" field at the top on the left.

thanks

thunt · ‎08-16-2015

Hi Ben,

As far as Incident Alerts and the application itself, I thought this was just a process of utilizing notifications and notifying users of created incidents?

And I guess a user could update the incident field on every alert form, but that seems a little tedious; especially if a customer is getting 50 related alerts every 24 hours that they would want combined into a single incident. Is there a way to automate the correlation of multiple alerts to one incident I guess is what I should of asked.

Could this be done via client script, rules, etc...?

Regards

Mike Buckner · ‎08-13-2016

Hi Thomas,

There are a number of ways to achieve this, but the 'Event Management' way would be to leverage Event Correlation Rules. Correlation rules allow you to define primary, and secondary alerts. If the criteria match the secondary alerts are all grouped into the primary alert. From there you can write an alert rule to check that alert.group != secondary as the matching criteria.

-Mike