Features of the Investigation tab

  • Release version: Washingtondc
  • Updated February 1, 2024
  • 4 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Features of the Investigation tab IT Service Management > Service Operations Workspace for ITSM

    The Investigation tab in ServiceNow's Service Operations Workspace for ITSM provides crucial CI metrics and options to assist in resolving CI-related issues. Customers can utilize various drop-down options to access specific metrics that enhance their troubleshooting capabilities.

    Show full answer Show less

    Key Features

    • Initial Metrics: Displays metrics of the affected CI from 30 minutes before to 30 minutes after an incident is created. Configurable through the snsow.initialmetricfetchwindow property, it is available only for the primary CI.
    • Recent Metrics: Shows the latest metrics for the affected CI, retrieved when the primary CI is updated or added to the incident. The Get latest metrics icon allows on-demand data refresh.
    • Overview Information: Provides details like CI name, operating system, and model number, with hyperlinked CI records for easy access.
    • System Information: Displays detailed system data, which aids in diagnosing issues, including Microsoft system and Azure state information. Requires the Agent Client Collector for Investigation.
    • Device Health: Launches the Digital End-User Experience application to view metrics and health for the selected CI. Accessible only for devices classified as Endpoints with the necessary entitlements and installations.
    • Asset Utilization Metrics: Shows memory, disk, CPU utilization, and uptime, color-coded for warning (yellow) and critical (red) thresholds. Customization of these thresholds is possible.
    • Top Processes: Lists top processes by CPU and memory utilization, with critical thresholds highlighted.
    • Services, Logged-in Users, and Installed Applications: Provides additional context regarding the CI’s operational state.
    • Historical Metrics: Allows users to view historical data by selecting a time range, aiding in trend analysis.

    Key Outcomes

    By utilizing the Investigation tab, ServiceNow customers can effectively monitor CI performance, diagnose issues quickly, and make informed decisions based on real-time and historical metrics. This capability enhances incident resolution times and overall service management efficiency.

    The Investigation tab displays CI metrics information along with various options. Use the options and the metrics information to view the data that helps to resolve the CI-related issues.

    You can select the following drop-down options to view the metrics information for the CI:

    • Initial metrics: Metrics information of the affected CI that is retrieved from 30 minutes before to 30 minutes after the incident is created. The metrics information of the CI is displayed only if the CI is populated in that one hour time period. You can configure the sn_sow.initial_metric_fetch_window property to change the one hour time period.
      Note:
      Initial Metrics is available only for the primary CI.
    • Recent metrics: Latest metrics information that is available for the affected CI. By default, the Recent Metric option is selected.
    Note:
    The metrics information for the CI is retrieved in any one of the following conditions:
    • When the primary CI is updated or added to the incident. You can also configure when and how the metric information is retrieved for a CI by configuring the collection rule. For more information, see Configure the collection rules for the Investigate tab.
    • When you select the Get latest metrics icon (get latest matrix refresh), it refreshes, retrieves, and displays the latest metrics on demand. This option is available only when you’re viewing data in the Recent Metrics.
    The metrics data includes the following information:
    • Overview: Displays overview information of the CI, such as name, operating system, and model number, from the ServiceNow database records and CMDB CI computer using the glide record query. The Name field contains a hyperlinked value, which displays the CI record on a separate tab when selected.
    • System information: Select to display the system information for the selected CI on a separate modal. The system information modal includes the following data:
      • Microsoft system (msinfo32): Displays information about the computer and a comprehensive view of the hardware resources, system summary, components, and software environments, which can be used to diagnose the computer issues. You can also search and view any specific system parameter, if necessary.
      • Azure (dsregcmd): Displays information on the state of the CI device that is managed by the Azure Active Directory (Azure AD). This information is used to diagnose and troubleshoot the device. The date and time when the information is last retrieved is also displayed. You can also search and view any device parameter, if necessary.
        Note:
        You can only use this option when the Agent Client Collector for Investigation (sn_acc_adapter) adapter is integrated with the Investigation Framework.
    • Device health: Select the Device health link to launch the Digital End-User Experience application and device health page for the selected CI on a separate tab, within the incident view. This tab enables agents to view all the available metrics and the device health for the selected CI, which were collected by DEX. You can also access this feature using the View device health option on the CI record in Service Operations Workspace.
      Note:
      DEX requires a separate entitlement.
      This link is available to the agent only if the following conditions are met:
      • The selected CI is of type Device, which is also known as Endpoint.
      • The DEX plugin is installed on the instance. For more information on DEX, see Digital End-User Experience.
      • The DEX agent is installed on the selected CI.
    • Asset utilization: Utilization of the assets for the CI. The following information is displayed along with the date and time:
      • Memory utilization: Amount of the memory used on the CI. The value is displayed in percentage.
      • Disk utilization: Disk utilization of the logical drives for the affected CI. The value is displayed in percentage.
      • CPU utilization: CPU utilization for the CI. The value is displayed in percentage.
      • Uptime: Uptime (boot time) of the assets. The days and time since when the assets are up and running.
      Note:
      The following metrics are color-coded based on the threshold values to highlight the warning or critical level:
      Table 1. Color coding metrics for Asset utilization metrics
      Asset utilization metrics Warning (Yellow color code) Critical (Red color code)
      Memory utilization Greater or equal to 80 Greater or equal to 95
      Disk utilization Greater or equal to 80 Greater or equal to 95
      CPU utilization Greater or equal to 80 Greater or equal to 95

      However, you can also customize these threshold values, if necessary. For more information, see Customize the Investigate tab.

    • Top processes by CPU: Top processes sorted based on the CPU utilization of the processes in the affected CI.
      Note:
      The Top processes by CPU metrics are color-coded based on the threshold values to highlight the critical level when the value is greater or equal to 90. However, you can also customize these values, if necessary.
    • Top processes by memory: Top processes sorted based on the memory consumed by the processes in the affected CI.
      Note:
      The Top processes by memory metrics are color-coded based on the threshold values to highlight the critical level when the value is greater or equal to 90. However, you can also customize these values, if necessary.
    • Services: List of services (device or server) running on the affected CI.
    • Logged in users: List of the logged-in users in the affected CI.
    • Installed applications: List of the applications installed on the CI.
      Note:
      For devices with the Windows OS, the Installed applications don't include a list of pre-packed application.

    Use the View History button to view the historical metrics data for the CI on a separate tab. You can select the time range from the drop-down options to view the historical data for that time range. For more information, see Viewing the historical data of CI metrics.