Exploring Event Management

  • Release version: Zurich
  • Updated July 31, 2025

    Explore Event Management to understand its overview, process flow, user roles, and benefits for comprehensive IT issue monitoring and resolution.

    Event Management provides comprehensive monitoring, analysis, and remediation of IT issues by effectively managing various components within an IT environment. These components include discovered services, application services, dynamic CI groups, and alert groups.
    • Discovered Services: Defined by interrelated Configuration Items (CIs) from the CMDB, a discovered service is identified through Service Mapping. It includes a service map with mapping relationships, an impact tree showing outage severity, active and related alerts, and CI properties. This service information is displayed on dashboards, the Alerts list, and the Events list.
    • Application Services: Created by selecting specific CIs, application services allow for targeted monitoring and management. For more details, refer to the Application Services documentation.
    • Dynamic CI Groups: These are collections of CIs grouped based on shared criteria, such as location. Dynamic CI groups help populate application services, simplifying management.
    • Alert Groups: Alert groups organize sets of alerts to streamline maintenance and management, making it easier to respond to IT issues efficiently.

    Process flow

    Event Management receives external events and generates alerts based on predefined rules. The MID Server polls external event tracking tools and sends data to Event Management for storage and processing. Events are stored in the Event [em_event] table, and alerts are created by matching event rules. Alerts are then transformed and enriched with additional content, accumulated if thresholds are met, and mapped to specific fields. The system searches for matching message keys to update existing alerts or create new ones, associating related events under a single alert. Alerts are bound to specific Configuration Items (CIs) for root cause analysis. For more information, see Event Management process flow.

    Users

    Role title [name]: Description

    Admin [evt_mgmt_admin]
    Has read and write access to all Event Management features to configure Event Management.
    Note: Exercise caution with the evt_mgmt_admin role, as it can be elevated to the admin role. A user with the evt_mgmt_admin role has the ability to add and modify scripts that run on a global scope. Ensure proper access control. With this role, the user can create and/or update the following scripts:
    • Alert correlation rules
    • Alert management rules
    • Maintenance rules
    • Advanced scripts
    • Event field mapping
    • Pre- and post-binding scripts

    Operator [evt_mgmt_operator]
    Manages alerts, including closing and acknowledging them. Oversees the overall Event Management process, ensuring events are properly categorized, prioritized, and routed for resolution.

    Team Operator [evt_team_operator]
    Manages Event Management operations within a specific team as defined in the Assignment Group field. This role allows the operator to read and write alerts exclusively for their assigned team. Additionally, the operator can make configuration changes specific to their team, including updates to Alert Automation and the Integrations Launchpad.
    Note: The evt_team_operator role must be assigned to an assignment group to view and manage alerts for that group. If the role is created but not associated with any groups that have alerts assigned, the operator cannot see any alerts.

    User [evt_mgmt_user]
    Manages the lifecycle of alerts, including performing basic operations such as viewing and acknowledging them.
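
    To act on the access-control note for evt_mgmt_admin, the following added example (not ServiceNow code and not part of the original page) lists every holder of the role from an export of role grants and flags holders who do not also hold admin, since for them the role is an escalation path. The row shape (sys_user_has_role rows exported with the fields user.user_name, user.active, role.name, inherited and granted_by.name, all values as strings) is an assumption, and the sample rows are constructed.

```javascript
// Added example (not ServiceNow code). Row shape is an assumption: rows of
// sys_user_has_role exported with dot-walked fields, values as strings.
const WATCHED_ROLE = 'evt_mgmt_admin';

// Constructed sample export.
const SAMPLE_ROWS = [
  { 'user.user_name': 'alice', 'user.active': 'true', 'role.name': 'admin', inherited: 'false', 'granted_by.name': '' },
  { 'user.user_name': 'alice', 'user.active': 'true', 'role.name': 'evt_mgmt_admin', inherited: 'false', 'granted_by.name': '' },
  { 'user.user_name': 'bob', 'user.active': 'true', 'role.name': 'evt_mgmt_admin', inherited: 'true', 'granted_by.name': 'Monitoring Leads' },
  { 'user.user_name': 'bob', 'user.active': 'true', 'role.name': 'evt_mgmt_operator', inherited: 'false', 'granted_by.name': '' },
  { 'user.user_name': 'carol', 'user.active': 'true', 'role.name': 'evt_mgmt_operator', inherited: 'false', 'granted_by.name': '' },
  { 'user.user_name': 'dave', 'user.active': 'false', 'role.name': 'evt_mgmt_admin', inherited: 'false', 'granted_by.name': '' },
  { 'user.user_name': '', 'user.active': '', 'role.name': 'evt_mgmt_admin', inherited: 'false', 'granted_by.name': '' },
];

const isTrue = (v) => String(v) === 'true';

// How a grant reached the user: through a group, a containing role, or directly.
function grantSource(row) {
  if (row['granted_by.name']) return `group:${row['granted_by.name']}`;
  return isTrue(row.inherited) ? 'inherited' : 'direct';
}

function auditEvtMgmtAdmin(rows) {
  const byUser = new Map();
  for (const row of rows) {
    const name = row['user.user_name'];
    if (!name) continue; // orphaned grant: the user reference no longer resolves
    if (!byUser.has(name)) {
      byUser.set(name, { user: name, active: isTrue(row['user.active']), roles: new Set(), sources: [] });
    }
    const entry = byUser.get(name);
    entry.roles.add(row['role.name']);
    if (row['role.name'] === WATCHED_ROLE) entry.sources.push(grantSource(row));
  }
  return [...byUser.values()]
    .filter((e) => e.roles.has(WATCHED_ROLE))
    .map((e) => ({
      user: e.user,
      active: e.active,
      sources: e.sources,
      // Not an admin on paper, yet able to write scripts that run on a global scope.
      escalationPath: !e.roles.has('admin'),
    }))
    .sort((a, b) => (b.escalationPath - a.escalationPath) || a.user.localeCompare(b.user));
}

console.log(auditEvtMgmtAdmin(SAMPLE_ROWS));
```

    Holders reported with escalationPath set to true are the ones to review first; an inactive account that still holds the role (active set to false) is a stale grant to revoke.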

    Benefits

    • Rapid Issue Detection: Quickly identifies and highlights potential IT issues.
    • Efficient Alert Handling: Aggregates and correlates alerts for streamlined management.
    • Automated Actions: Initiates automatic remediation processes to speed up issue resolution.
    • Comprehensive Monitoring: Integrates with multiple tools for a complete system overview.
    • Root Cause Analysis: Offers tools to identify underlying causes of issues.
    • Customizable Rules: Tailors event and alert management rules to specific needs.
    • Reduced Downtime: Minimizes system downtime with prompt problem resolution.
    • Enhanced Visibility: Real-time dashboards offer insights into system health.
    • Cost Efficiency: Lowers operational costs by preventing prolonged issues.