Event Management subflows in the base system
Summarize
Summarized using AI
This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.
Summary of Event Management subflows in the base system
Event Management in ServiceNow Yokohama release includes a set of predefined subflows designed to automate alert remediation actions. These subflows are accessible within the Alert Management Rules under the Remediation Subflows section, enabling customers to efficiently manage alerts by triggering specific workflows based on alert conditions.
Show less
Accessing and Using Subflows
- Navigate to Event Management > Rules > Alert Management Rules and create or open a rule.
- Under the Actions tab, add subflows by searching in the Remediation Subflows area.
- Select from the list of base system subflows to incorporate into alert remediation.
Base System Subflows and Their Functions
The following key subflows are provided to manage alerts effectively:
- Acknowledge Alert: Marks an alert as acknowledged to indicate attention is needed.
- Attach Knowledge Article (legacy): Attaches a knowledge article to alerts for instances migrated from releases prior to London.
- Change Alert to Maintenance Mode: Changes alert status to maintenance.
- Close Alert: Marks an alert as closed.
- Create Incident: Automatically creates an incident from alert data, unless an incident already exists or alert is in maintenance mode. Includes logic to avoid duplicate incidents for secondary alerts when grouping is incomplete.
- Create Major Incident Candidate: Creates a major incident candidate from alert data, with restrictions similar to incident creation (no creation if alert is secondary, in maintenance, or linked to an existing incident).
- Create Major Incident from Alert / with Impact: Creates a major incident, optionally considering impact data, with the same conditions preventing creation if an incident exists or alert is in maintenance or secondary role.
- Create Major Incident Candidate with Impact: Similar to the candidate creation but includes impact field input.
- Create Task (legacy): Supports task creation using templates or legacy scripts for pre-London migrated instances.
- Overwrite Alert Template (legacy): Applies an alert template, primarily for legacy migrated instances.
Customization and Execution
Customers can customize subflows or create new ones to tailor alert remediation to their environment. Execution timing for workflows can be specified within Alert Management Rules to control when subflows are triggered.
The subflows provided with the base system appear in the Remediation Subflows area of alert management rules.
Accessing the subflows
Navigate to and click New. Click the Actions tab. In the Remediation Subflows area, double-click the Insert a new row field.
Click the search icon
to add subflows. The list of subflows that are provided with the base system
appears.
| Name | Description |
|---|---|
| Acknowledge Alert | Subflow to mark the alert as being Acknowledged. Acknowledge an alert to show that further attention is required. |
| Attach Knowledge Article (legacy) | Subflow to attach a knowledge article to the alert. This subflow is provided for instances that are migrated from legacy releases (prior to the London release). Note: Add the Knowledge article
column to the Alert Management Rules [em_alert_management_rule] table, and
select an article to attach to an alert when the rule executes. |
| Change Alert to Maintenance Mode | Subflow to mark the alert as being in Maintenance. |
| Close Alert | Subflow to mark the alert as being Closed. |
| Create Incident | Subflow to create an incident. Fields from the alert are used to populate the
matching fields in the incident that is created. Note:
|
| Create Major Incident Candidate | Subflow to create a major incident candidate. Fields from the alert populate
the matching fields in the major incident candidate that is created. A major
incident candidate can be upgraded to become a major incident. Note:
|
| Create Major Incident from Alert | Subflow to create a major incident from alert. Fields from the alert are used
to populate the matching fields in the major incident that is created. Note:
|
| Create Major Incident with Impact | Subflow to create a major incident from an alert in which the
Impact field is also taken as input. Fields from the
alert are used to populate the matching fields in the major incident that is
created. Note:
|
| Create Major Incident Candidate with Impact | Subflow to create a major incident candidate in which the
Impact field is also taken as input. Fields from the
alert populate the matching fields in the major incident candidate that is
created. A major incident candidate can be upgraded to become a major incident. Note:
|
| Create Task (legacy) | This subflow uses a task template, if provided, or the
EventMgmtCustomIncidentPopulator script for instances
migrated from legacy releases (prior to the London release). If configured, apply
the task template. Note: Add the Task template column to the
Alert Management Rules [em_alert_management_rule] table, and select a task
template and task to apply when the rule executes. |
| Overwrite Alert Template (legacy) | This subflow applies the alert template. This subflow is provided for instances that are migrated from legacy releases (prior to the London release). Note: Add the Task type column to the Alert
Management Rules [em_alert_management_rule] table, and select an alert template
to apply when the rule executes. |
- Select the subflow that you need.
- To customize a subflow, see Create a custom subflow for alerts. This topic also describes the input parameters in a subflow.
- To specify when the workflow must be executed, double-click the cell under
Execution.
.