Event Management release notes

  • Release version: Yokohama
  • Updated January 30, 2025
  • 3 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Event Management release notes

    The ServiceNow® Event Management application centralizes the identification of health issues across datacenters by aggregating alerts for discovered services, application services, and automated alert groups. The Yokohama release introduces significant enhancements focused on improving alert correlation, visibility, and team management capabilities.

    Show full answer Show less

    Key Features

    • Network Traffic-Based Alert Grouping: Leveraging discovered TCP connections and ML Service Mapping, this new alert grouping reduces noise by correlating alerts on host Configuration Items (CIs) connected via network traffic. It accelerates response by focusing on critical connections and dependencies.
    • Express List® and Link View Enhancements: Users can investigate network traffic-based alert groups through the Express List® interface and review alert group connections visually using Link View.
    • Team-Level Operator Role: The new evtteamoperator role empowers team operators to independently manage their integrations, configure alert automations, and control alert management operations within their teams.
    • Metric Connector Integration: From version 2.15.1, metric connector instances for Nagios, SolarWinds, and Zabbix can ingest metrics directly, enabling seamless multi-source monitoring data integration and improving real-time anomaly detection.
    • Automated and Manual Response Actions: Starting in version 26.7.0, alerts matching specific conditions can trigger automatic or manual execution of multiple response subflows with configurable limits for enhanced control over incident responses.
    • Improved CI Linkage for Alerts: Also in version 26.7.0, an option to link a CI to an alert via Enrich Automation improves alert visibility and accuracy in IT component mapping, speeding issue resolution and enhancing correlation between alerts and infrastructure.

    Changes and Configuration Updates

    • Several property names related to alert aggregation and correlation have been renamed for clarity, such as enabling CMDB correlation and ML-based Automation correlation.
    • The default setting for the “Apply additional matching rules” option in Out-of-the-Box pull connector event rules is now enabled for easier setup unless previously modified.

    Activation and Related Features

    Event Management is available upon activation of the Event Management plugin (com.glideapp.itom.snac). It integrates with related ServiceNow applications like Metric Explorer and Agent Workspace for Metric Intelligence, which provide comprehensive health metrics and visualizations for CIs associated with alerts.

    The ServiceNow® Event Management application helps you to identify health issues across the datacenter on a single management console. Event Management provides alert aggregation for discovered services, application services, and automated alert groups. Event Management was enhanced and updated in the Yokohama release.

    Event Management highlights for the Yokohama release

    • Review network traffic-based alert grouping, which uses discovered TCP connections together with ML Service Mapping to correlate alerts on host CIs that have network traffic connections between them. This approach reduces noise, enhances visibility, and accelerates response times by focusing on critical connections and dependencies.
    • Starting in version 26.3.4, benefit from the new alert grouping based on network traffic correlations:
      • Investigate network traffic-based alert groups by using Express List®.
      • Review alert group analysis by Now Assist
      • View connections between network traffic-based alerts in Link View.
    • Enable team-level operators to create and manage their own integrations, set up their own alert automations, and enhancing control over alert management for their teams by assigning the new team_operator role.
    • Review relevant information in the Now Assist panel based on records selected in the Express List®.
    • Starting in version 2.15.1, you can configure metric connector instances for the Nagios, SolarWinds, and Zabbix monitoring tools to receive metrics directly from these monitoring tools. This enhancement provides the following benefits:
      • Seamlessly integrate monitoring data from multiple sources into Metric Intelligence.
      • Improve anomaly detection and alerting with real-time metric ingestion.

    See Event Management for more information.

    New in the Yokohama release

    Group alerts using network traffic-based grouping
    Group alerts efficiently with network traffic-based alert grouping, which uses discovered TCP connections with ML Service Mapping to correlate alerts on host CIs that have network traffic connections between them.
    View links between alerts in network traffic-based alert groups
    Once a network traffic correlation is enabled, investigate network traffic alert group details and visualize connections through Link View in Express List®.
    New role for team level operators
    Enhance team-level control over alert management with the evt_team_operator role. This role enables operators to manage Event Management operations within their assigned team, including reading and writing alerts, making configuration changes,updating Alert Automation, and setting up new integrations in the Integrations Launchpad.
    Starting in version 26.7.0, execute response subflows automatically, manually, or both for alerts that match specific conditions through the Run Other Response Actions option of Respond Automatic. This enhancement offers better control over automated responses with configurable execution limits and multiple response actions.
    Starting in version 26.7.0, link a CI to an alert for more accurate IT component mapping though the Improve Configuration Item (CI identification option of Enrich Automation. This enhancement improves alert visibility, speeds up issue resolution, and ensures better correlation between alerts and infrastructure components.

    Changed in this release

    Property name changes
    Enable CMDB Correlation for Alert Aggregation ( CMDB groups) (sa_analytics.agg.query_cmdb_correlation_enabled) has been renamed Enable CMDB correlation.
    Enable alert aggregation for CI-based Automated groups (sa_analytics.specific_patterns_enabled) has been renamed Enable ML based Automation correlation.
    Enable alert aggregation for Text-based groups (sa_analytics.text_based_group_enabled) has been renamed Enable Text based correlation.
    Use all CMDB relations for CMDB group correlation. This property impacts both CMDB group correlation and Alert Similarity on the Alert form (evt_mgmt.related_cis_get_all_relation_types) has been renamed Use all CMDB relations for CMDB group correlation.
    Pull connectors
    Simplifying the setup for Out-of-the-Box (OOTB) event rules that come with the pull connectors that have not yet been activated, deactivated, or modified, the Apply additional matching rules option is now enabled by default. If a rule has been previously applied, you must set this option manually.

    Activation information

    Event Management is available with activation of the Event Management plugin (com.glideapp.itom.snac). For details, see Request Event Management.

    Related ServiceNow applications and features

    Metric Explorer
    ServiceNow® Agent Workspace for Metric Intelligence provides a central interface that enables you to view the health of a CI associated with an alert. Health details for a CI include various metric charts with control bounds and aggregations for single score charts.