Viewing links between alerts in alert groups in Express List
Summary of Viewing Links Between Alerts in Alert Groups in Express List
Link View in Express List provides a visual representation of the relationships between alerts within an alert group. It enables users to better understand how alerts are interconnected, highlighting Configuration Items (CIs) and other environmental dependencies without requiring a populated Configuration Management Database (CMDB). When the CMDB is populated, users gain insights into probable causes and impacted services related to the alerts.
Key Features
- Visual Representation: Displays alert relationships and CI connections using colored tags.
- Manual Refresh: The view is refreshed only when you do so manually, because refreshing an alert group returns rearranged nodes to their original positions.
- Stacked Nodes: Indicates multiple alerts sharing the same key-value pairs, marked with badges.
- Change Badges: Highlights active change requests related to alerts.
- Interactive Tooltip: Provides detailed information about nodes when hovered over, including tag name, class, severity, and alert status.
- Legend: Describes symbols and colors used in the view and allows filtering of tag types to minimize clutter.
Key Outcomes
Using Link View empowers ServiceNow customers to quickly identify relationships between alerts, facilitating more efficient triage and incident management. By leveraging the insights provided, organizations can enhance their response strategies, particularly when the CMDB is utilized for further context on impacts and probable causes.
Gain a better understanding of the relationships between alerts in alert groups in the Express List by using Link View. Link View offers a visual representation of the relationships between the alerts in a group.
When Event Management generates an alert group, Link View shows how the attributes of the alerts in the group are linked. The colored tags represent Configuration Items (CIs) and other environment items in relation to the alerts. The information shown in Link View is available without the need for a populated Configuration Management Database (CMDB). However, when the CMDB is populated, Link View offers additional value by providing the probable cause of the alerts and the service that the alert group impacts.
You can focus on your areas of interest by dragging the nodes in Link View to different positions. Refreshing an alert group returns rearranged nodes to their original positions. For that reason, Link View is not refreshed automatically; it is refreshed only when you do so manually. If an alert on a CI impacts a service in the CMDB, Link View shows the impacted service, enabling you to view it at a glance for quick triage.
A stacked node indicates that multiple nodes were mapped for the same tag. When the same key-value pair appears in more than one alert, the corresponding node is shown with a badge. For example, when the same key-value pair appears in two alerts, the badge on the node shows the number 2, as seen on the Payment tracker node in the sample alert group figure. When a node has no badge, the key-value pair appeared in only one alert. An active change request, a probable cause of the alert, is marked by a Change badge.
The Link View legend lists the meaning of the symbols and colors used and lets you hide or show types of tags to reduce noise. In addition, the legend describes the meaning of the various lines linking the alert attributes. Attributes linked by a solid line share one or more alerts, whereas attributes linked by a dotted line are correlated by grouping criteria. For a description of each tag, see Tags in Express List Link View. Hovering over a node displays a tooltip that includes the name of the tag, its class, its severity, the number of alerts in which it appeared, and whether the alert is primary or secondary, or the probable cause of the alert, if applicable.