Event Management tag based alert clustering tag form

  • Release version: Zurich
  • Updated July 31, 2025
  • 2 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Event Management Tag Based Alert Clustering Tag Form

    The Event Management tag based alert clustering tag form in ServiceNow allows customers to create or modify tags that help cluster alerts based on specific field matches. This functionality is essential for efficiently grouping related alerts, reducing noise, and improving incident management and root cause analysis.

    Show full answer Show less

    Key Features

    • Name: Unique identifier for the clustering tag, defaulting to a description of the configured tag, customizable after saving.
    • Domain: Read-only field indicating the domain of the record.
    • Description: Optional field to provide additional context about the tag.
    • Source: Defines where the matching field is selected from, options include Alert Field, Alert Additional Info (key-value pairs in JSON format), Alert CI, Alert CI Key, and Alert Tags.
    • Selected Field: Specifies the exact alert field or CI field to be matched when Alert Field or Alert CI is selected.
    • Key: Defines the key name to match within Alert Additional Info or Alert Tags.
    • CMDB Key: Selects the CMDB key for matching alerts when Alert CI Key is the source, enabling clustering based on configuration item attributes.
    • Match Method: Determines how alert values are compared:
      • Exact: Requires exact field value matches.
      • Fuzzy: Allows approximate matches based on a similarity percentage.
      • Pattern: Matches based on a specified pattern syntax.
    • Similarity: Specifies the threshold percentage for fuzzy matching (default 90%), indicating how closely alert values must match to be grouped. This appears only when Fuzzy is selected.

    Practical Use for ServiceNow Customers

    By configuring tag based alert clustering tags with this form, customers can tailor how alerts are grouped according to their operational needs. This enables more precise alert clustering by leveraging exact, fuzzy, or pattern matching on alert fields, additional info, or CMDB keys. Utilizing this form helps reduce alert noise, improve incident correlation, and streamline event management workflows in ServiceNow.

    The form for creating or modifying a tag based alert clustering tag displays detailed information about the tag.

    Table 1. Tag based alert clustering tag form
    Field Description
    Name Name of the clustering tag. Defaults to a description of the configured tag (such as, Exact match on Alert Field "metric name").

    The default name is visible only after saving the tag.

    Tag names must be unique.
    Customized name Select the check box to customize the value in the Name field.
    Domain The domain in which the current record was created. Read-only.
    Description Enter an optional description of the tag.
    Source Select the source from which to choose the field to be matched.
    • Alert field
    • Alert additional info
    • Alert CI
    • Alert CI key
    • Alert tags

    If you select Alert additional info, choose an Additional Info Key instead of a field. Alert additional info is a field on alert containing the key value pair in Jason format and we can use a specific key.

    Alert CI key: Create CMDB key values to cluster alerts based on CMDB Key Values [cmdb_key_value] table. Key values provide an additional method for determining commonalities between alert CIs.
    Selected field Indicate the field that has to match between alerts for the alerts to be included in a group.

    Appears when you select Alert Field or Alert CI in the Source field.

    If you select Alert CI in the Source field, you need to select a CMDB key. A CMDB key is assigned to the CI of the alert.
    Key Indicate the Key that has to match between alerts for the alerts to be included in a group.

    Appears when you select Alert additional info in the Source field, or appears when you select Alert tags in the Source field.

    When Alert additional info is selected, enter the name of one of the fields in the additional info field.

    When Alert tags is selected, enter the name of the relevant alert tag.
    CMDB key Indicate the CMDB key to match for the alerts to be included in a group.

    Appears when you select Alert CI Key in the Source field.
    Match method Select the type of match required for the alerts to be included in a group.
    • Exact: Indicates that the field value must be an exact match for the alert to be included in a group.

      For example, you can configure an alert clustering tag indicating that the alert's Metric name field must be an exact match to form a group. When invoking that tag, all alerts with identical values in the Metric name field are included in the same group.

    • Fuzzy: Indicates that the field value needs to be an approximate match (depending on the value configured in the Similarity field) for the alert to be included in a group.
    • Pattern: Indicates that the field value needs to follow the pattern in the Pattern field. For correct syntax and usage examples, see Pattern matching.
    Similarity Specify the similarity percentage that must be met by the alerts to be included in a group. For example, entering 50 indicates that at least 50 percent of the indicated value must appear in the alert for the alert to be included in the group.

    Appears only when Fuzzy is selected as the Match Method value.

    Default value = 90