Alert insight properties

  • Release version: Zurich
  • Updated July 31, 2025
  • 2 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Alert insight properties

    Alert insight properties enable ServiceNow customers to configure how alert data is retrieved, analyzed, and displayed within the Alert Insight pane. These properties help define time frames for alert history, similarity criteria, related configuration items (CIs), scoring of relationships, and maximum tasks related to alerts. Proper configuration requires theevtmgmtadminrole.

    Show full answer Show less

    Time Frame Configuration

    • evtmgmt.alertinsightalerthistorymin: Sets the period (in minutes) to retrieve repeated and similar alerts, defaulting to 30 days (43200 minutes), including all alert states.
    • evtmgmt.alertinsightclosedalertwindow: Sets the period (in minutes) to retrieve alerts already closed after their last update, default is 3 days (4320 minutes).

    Similarity Settings

    The property evtmgmt.alertinsightalertsameasfilter defines which alert fields (such as source, type, resource, metricname) are used to identify similar alerts, enabling better grouping and analysis.

    Related Configuration Items (CIs)

    • evtmgmt.alertinsightrelatedcistopologylevels: Controls the depth of CI relationships retrieved within application services, defaulting to 3 levels.
    • Relationship types include CMDB-based rules (metadata and suggested relations), containment rules (configuration hierarchy), and hosting rules (placement of CIs in business context).
    • Users can manage dependent relationship rules via CI Class Manager and Metadata Editor in the platform.

    Scoring and Relationship Weighting

    • Scores reflect the relevance of related CIs based on relationship type and depth, being cumulative to prioritize important relationships.
    • Properties such as evtmgmt.alertinsightgroupmapping and evtmgmt.alertinsightlevel1mapping to level3mapping assign default scores to alert groups and CI relationship levels (default scores range from 1 to 3).

    Maximum Related Tasks

    The evtmgmt.alertinsightmaxtasks property limits the number of related tasks retrieved for alert insight, defaulting to 10, to optimize performance and relevance.

    Metadata Rules and Relationship Validation

    • Containment and hosting rules model parent-child and placement relationships between CIs.
    • Properties like evtmgmt.relatedcisusecontainmentrules and evtmgmt.relatedcisusehostingrules control the inclusion of these metadata rules in related CI retrieval.
    • Validation of CI relationships against metadata rules is enabled by default (evtmgmt.relatedcisvalidaterelationrules).

    Affiliation Type in Related Records

    The affiliation type column in related incident, change request, and problem records indicates the relationship type between the selected alert’s CI and related CIs, providing context for incident and change management.

    Practical Benefits for ServiceNow Customers

    • Customize alert retrieval and similarity detection to improve alert noise reduction and correlation.
    • Leverage detailed CI relationship modeling to enhance root cause analysis and impact assessment.
    • Control scoring to prioritize related CIs and groups most relevant to alerts for faster resolution.
    • Optimize performance by limiting related task retrievals and validating relationships for accuracy.

    Use these properties to configure alert insight.

    The role required: evt_mgmt_admin

    The following alert_insight properties are under sys_properties.

    Property Usage
    Time Frame
    evt_mgmt.alert_insight_alert_history_min Set the time frame (in minutes) to retrieve repeated and similar alert data. Default 43200 (30 days)
    Note:
    Alerts are retrieved regardless of their state (open / reopen / flapping / closed).
    evt_mgmt.alert_insight_closed_alert_window Set the time frame (in minutes) to retrieve alerts that were already closed. It is the time after the alert last updated date. Default: 4320 (3 days)
    Similarity
    evt_mgmt.alert_insight_alert_same_as_filter This property is a comma-separated string that defines which of the alert fields is used to consider alerts to be similar. Default: source,type,resource,metric_name
    Related CIs
    evt_mgmt.alert_insight_related_cis_topology_levels
    The relationship types are:
    • CMDB based (metadata rules and suggested relations)
    • Within application services
    • Within Alert groups
    		 For ‘Within application service’ relationship type, this property sets the depth or the maximum level of relationship of retrieved CIs. Default: 3
    Score
    evt_mgmt.alert_insight_group_mapping This property sets the score for within alert group relations. Default: 2
    evt_mgmt.alert_insight_level_1_mapping This property sets the score for level 1 relationship. Default: 3
    evt_mgmt.alert_insight_level_2_mapping This property sets the score for level 2 relationship. Default: 2
    evt_mgmt.alert_insight_level_3_mapping This property sets the score for level 3 relationship. Default: 1
    Maximum related tasks
    evt_mgmt.alert_insight_max_tasks Maximum related tasks to retrieve for alert insight. Default: 10

    Metadata rules consideration

    The parent-child relationship of CIs is considered. Dependent relationship rules consist of hosting and containment rules, each type modeling the data from a different perspective of the CI.

    To manage dependent relationship rules:
    • To access rules at the class level, use the CI Class Manager. Navigate to All > Configuration > CI Class Manager.
    • To access grouped rules, use the Metadata Editor. Navigate to All > Configuration > Identification/Reconciliation > Metadata Editor.

    Containment rules represent configuration hierarchy of CIs, describing which CI contains which other CIs.

    Hosting rules represent placement of CIs in a business definition, describing what CIs run on.

    Modify the alert insight properties to configure the way alert information and analysis appears in the Alert Insight pane.

    Related CIs configuration

    The following properties control which CMDB relationships to consider for related CIs. The CMDB relationships include regular CMDB relation rules, metadata rules (containment rules and hosting rules), and suggested relations.

    Property Usage
    evt_mgmt.related_cis_get_all_relation_types Get all relation types, not including metadata rules. Default: false
    evt_mgmt.related_cis_use_containment_rules Use metadata containment rules. Default: true
    evt_mgmt.related_cis_use_hosting_rules Use metadata hosting rules. Default: true
    evt_mgmt.related_cis_use_suggested_relations_rules Use suggested relations rules. Default: false
    evt_mgmt.related_cis_validate_relation_rules This property controls whether to validate relation of CI according to metadata rules. Default: true

    Score

    Scores are configured per relation type or depth. Scores are accumulated. The higher the score, the more relevant is the related CI to the current CI.

    Example:For a CI that was found at level 2 in the same application service of the current CI, the score is 2. The same CI is in the same alert group, so there is an extra score of 3. The accumulated score is therefore 2+3 = 5.

    Affiliation type

    The Affiliation Type column in the Related Incidents, Related Change Requests, and Related Problems tabs shows the type of relationship that the CI of the selected alert and the related CI have.

    To see affiliation type relationships, navigate to All > Configuration > Identification/Reconciliation > Metadata Editor.

    The parent-child relationship between configuration items is considered.