List of predefined tag-based alert clustering definitions

  • Release version: Xanadu
  • Updated August 1, 2024

A list of the predefined alert clustering definitions provided with the Tag Based Alert Clustering Engine application.

Table 1. Predefined alert clustering definitions

| Name | Description | Order |
|---|---|---|
| Group alerts from the same Application | Group all alerts from the same application, created in the last 10 minutes. In new systems, this definition is activated by default. | 9010 |
| Group all alerts from the same IP address | Group all alerts from the same IP address, created in the last 10 minutes. | 9020 |
| Group all alerts from the same Namespace | Group all alerts from the same namespace, created in the last 10 minutes. In new systems, this definition is activated by default. | 9030 |
| Group all alerts from the same Subnet | Group all alerts from the same subnet, created in the last 10 minutes. In new systems, this definition is activated by default. | 9040 |
| Group alerts from the same CI class and Location | Group all alerts from the same CI class and location, created in the last 10 minutes. | 9050 |
| Group alerts from the same Application and Environment | Group all alerts from the same application and environment, created in the last 10 minutes. | 9060 |
| Group all alerts from a similar Node | Group all alerts from a similar node name, created in the last 10 minutes. | 9070 |
| Group alerts from the same Location and Assignment group | Group all alerts from the same location and assignment group, created in the last 10 minutes. | 9080 |
| Group alerts from the same Region and Metric | Group all alerts from the same region and metric, created in the last 10 minutes. | 9090 |
| Group alerts from the same CI class and Metric | Group all alerts from the same CI class and metric, created in the last 10 minutes. | 9100 |
| Group alerts from the same Node and Metric | Group all alerts from the same node and metric, created in the last 10 minutes. | 9110 |
| Group alerts from the same Assignment group and Class | Group all alerts from the same assignment group and class, created in the last 10 minutes. | 9120 |
| Group alerts from the same Type, Metric and Source | Group all alerts from the same type, metric, and source instance, created in the last 10 minutes. | 9130 |
| Group alerts from the same CI | Group all alerts from the same CI, created in the last 10 minutes. Important: When this rule is active, CMDB grouping must be disabled. | 9140 |
| Group alerts from the same Node | Group all alerts from the same node, created in the last 10 minutes. In new systems, this rule is activated by default. | 9150 |