Find similar alerts

Release version: Australia

Updated March 12, 2026

1 minute to read

You can find alerts similar to the alert currently being investigated. Save troubleshooting time by reviewing similar alerts to see how they were resolved.

Before you begin

Ensure that the Predictive Intelligence plugin is activated. To activate this plugin, see Activate a plugin.

Ensure that the evt_mgmt.similarity_use_ml property is set to true.

Role required: evt_mgmt_admin

About this task

Save time in resolving the current alert by reviewing how similar alerts were resolved. Provide resolution consistency by resolving similar alerts in the same way.

Procedure

Navigate to All > Event Management > All Alerts.
In the list of alerts, click the alert record that you want to investigate.
In the alert record, click the Similar Alerts tab.
Alerts that are similar to the alert that is being investigated are listed.

By default, up to 10 similar alerts are listed. You can modify this value by setting the evt_mgmt.similarity_max_similar_alerts_shown property.
If you configured a threshold, in the Related links area, click Show Similarities Details.
The Sys ID and confidence level of each similar alert is displayed. The Confidence level is an indication of how the similar alert matches the parameters that you set. As an example, a high confidence percentage value indicates a higher likelihood of similarity of the alerts to the values that you set.

You can modify the value of the threshold by setting the evt_mgmt.similarity_use_threshold property.