If no match is found using the Node field, the system looks at the Additional information field of the alert. When you select a CI type, such as File System, the system automatically searches for a matching record in the [cmdb_ci_file_system] table. It uses the details provided in event rule record, specifically in the Additional information field, to refine the search. For example, if the Additional information field contains values like {"mount_point": "/snap/amazon-ssm-agent/9565", "name": "/dev/loop0"}, the system looks for a record in the [cmdb_ci_file_system] table that matches these values. If a match is found, the system binds the CI to the alert, ensuring accurate identification and association. Similarly, if the CI type is Network Adapter, the system searches in the [cmdb_ci_network_adapter] table.

There may be cases where no match is found because the column names in the event record and the table differ for the same item. In such cases, you can manually create an additional key-value pair with a name matching the table column, ensuring the matching process continues successfully. For information on how to create a manual field, see Bind CIs using CI field matching and handling column name differences.