Information on the Overview tab for a Component-based alert
Summary of Overview tab for a Component-based alert
The Overview tab in Health Log Analytics provides a detailed view of Component-based alerts, helping ServiceNow customers quickly understand the root cause and impact of alerts triggered by anomalies in system components.
Key Sections on the Overview Tab
- Identified issue: Highlights the main problem that caused the alert, visible in the alert title and a dedicated card. Customers can access details on how the issue was detected and review log lines surrounding the anomaly to aid root cause analysis.
- Configuration Items (CIs): Offers access to detailed information about the CIs linked to the alert. Customers can explore these details via the Configuration Items tab or a direct link to support analysis and acknowledgment.
- Impacted services: Displays services affected by the alert, helping customers understand the scope of the issue. Detailed service information is available through the Impacted services tab.
- Anomaly: Visualizes the anomalous activity that triggered the alert using charts that compare recent activity against learned baselines, previous day, and previous week data. This helps customers distinguish unusual behavior and patterns.
- Meaningful log properties: Shows bar charts illustrating the distribution of specific log property values that contributed to the anomaly. This aids customers in pinpointing which property values are most significant to the detected issue.
- Top alerts: Summarizes related alerts by aggregating data from Similar alerts and Repeated alerts, allowing customers to explore trends and recurring issues through further details.
- Top incidents: Provides summaries of incidents linked to the affected CIs and related CIs, helping customers correlate alerts with ongoing or past incidents for comprehensive incident management.
What This Enables Customers to Do
By using the Overview tab for Component-based alerts, ServiceNow customers can efficiently identify and analyze anomalies, understand their impact on configuration items and services, and correlate alerts with incidents. This comprehensive insight streamlines troubleshooting and accelerates resolution during the operator phase of alert management.
The alert Overview tab in Health Log Analytics helps you understand Component-based alerts.
Sections on the Overview tab for a Component-based alert
For a detailed description of Component-based alerts, see Types of Health Log Analytics alerts.
- Identified issue
The "identified issue" led to the alert. The issue appears in the title for the alert and on a card on the tab. Information about the alert appears in the banner.
Figure 1. Identified issue
- Click the information icon to see how the issue was identified.
- Click View surrounding logs to view the log lines that were generated one minute before and one minute after the alert. See Analyze log lines around the anomaly to help find the root cause.
- Configuration Items
- To view more detailed information on the CIs that are associated with the alert, click the Configuration Items tab or click View more in the Configuration Items section. See Operator phase 1: Analyze and acknowledge an alert.
- Impacted services
- To view detailed information on the services that are impacted by the alerts, click the Impacted services tab. See Operator phase 1: Analyze and acknowledge an alert.
- Anomaly
- The Anomaly card illustrates the anomalous activity that led to the alert.
- The blue line shows the recent anomalous activity.
- On some charts, the lightly shaded area indicates the expected (learned baseline) behavior.
A peach-shaded area represents the baseline values for the same hour one day earlier. A pink-shaded area shows the values for the same period in the previous week.
- Click the information icon to see how the anomaly was identified.
In this example, the peach-shaded area shows the same data for the same hour one day earlier. The spike in the metric value (events per minute) is clearly visible.
Figure 2. Anomaly card
In this example, the pink-shaded area represents the baseline values for the same hour in the previous week.
Figure 3. Anomaly card with baseline values one week earlier
For more information on the kinds of anomalies that you might encounter, see Types of anomalous behavior in Health Log Analytics.
- Meaningful log properties
- On the Meaningful log properties card, each bar chart shows the distribution of values for a single log property that contributed to the anomaly. Each property value is associated with a color. The length of a color bar correlates to the percentage that the property value holds in comparison with all other values for the property. For the p_a5 property in the example, the value EUR appeared in 56.12% of log lines, GBP in 13.67%, and so on.
Figure 4. Meaningful log properties
- Top alerts
- The Top alerts card displays summaries of data from the Similar alerts and Repeated alerts tabs. The Total results value is the sum of the two values. Click More details to open the Alert Insight Similar Alerts tab. For details, see Information on the Alert Insight Similar Alerts tab.
Figure 5. Top alerts
- Top incidents
- The Top incidents card displays summaries of data from the Incidents on CI and Incidents on related CIs tabs. The Total results value is the sum of the two values. Click More details to open the Incidents on CI tab.
Figure 6. Top incidents