Add a KB article to a Log Analytics alert

  • リリースバージョン: Australia
  • 更新日 2026年03月12日
  • 所要時間:3分

    • Add your own knowledge base (KB) article to an alert that was generated by Health Log Analytics. For example, you can provide additional information that might help to resolve the underlying issue.

    始める前に

    This feature is supported in the Health Log Analytics application, Version 22.0.12 - December 2021 and later, and the Health Log Analytics Viewer application, Version 21.0.0 - December 2021 and later. These applications are available from the ServiceNow Store.

    Role required: evt_mgmt_operator or evt_mgmt_admin

    手順

    1. Open a Log Analytics alert.
      1. In the Service Operations Workspace, select the lists icon (Lists icon.).
      2. Select the appropriate list in the Alerts sub-list and navigate to the desired alert.
        In the All Alerts list, alerts that were generated by Health Log Analytics have the value Log Analytics in the Source column.
      3. Select the alert number.
    2. Select the more actions icon (More Actions icon.) at the top right of the Details tab and then choose Create KB article for this issue from the list.
    3. On the form, fill in the fields.
      表 : 1. Create New Knowledge form
      Field Description
      Knowledge base The knowledge base where the new KB article is stored. By default, this value is the Health Log Analytics knowledge base.
      Workflow (Read-only) The status of the KB article.

      When you publish the article, its status automatically changes from Draft to Published.
      Category The category of the component that caused the alert.
      Short description Summary of the KB article.
      Article body Content of the KB article.
    4. Select Save.
    5. When the content of the article is final, select Publish.

    タスクの結果

    The KB article is added to the selected alert. You can search for and display the article in the Agent assist side panel. Health Log Analytics also uses your article to enhance similar alerts with the same Event ID property or alert pattern.