Analyzing and resolving Log Analytics alerts
Summary of Analyzing and resolving Log Analytics alerts
As a ServiceNow Operator, you are responsible for analyzing and resolving alerts generated by Health Log Analytics (HLA). When an alert is created, you review its severity, the affected Configuration Item (CI), the related log data, and impacted services. Your goal is to investigate the logs around the anomaly to identify the root cause and take corrective action before users are affected.
The Express List provides alert details and integrates with Now Assist, which offers in-depth, human-readable analysis and potential resolutions to help you quickly understand and address the issue. The Log Viewer allows you to browse logs by timestamp or range and visualize anomaly frequencies, offering a comprehensive view to support deeper investigation.
Key Features
- Alert Overview Tab: Start remediation from this tab, which displays alert information, associated log data, affected CIs, and impacted services.
- Log Analysis: Review log lines surrounding the anomaly to gather clues about the faulting systems and narrow down root causes.
- Log Correlators: Identify relationships between alerts to determine if they are part of a larger issue, enhancing your ability to prioritize and respond effectively.
- Now Assist Integration: Use Now Assist from the Express List for detailed alert analysis and recommended resolutions in clear language.
- Log Viewer: Browse alert-related logs over specific time ranges and visualize anomaly frequency over time to support thorough investigations.
- Knowledge Base Integration: Add KB articles to alerts once resolved, providing helpful information for addressing similar future issues.
Key Outcomes
- Efficient identification and resolution of issues detected by Health Log Analytics, minimizing impact on users.
- Improved root cause analysis through detailed log examination and alert correlation.
- Enhanced operational knowledge sharing via KB articles linked to resolved alerts.
- Proactive monitoring capability to detect and mitigate emerging problems within your ServiceNow instance before they affect platform users.
Analyze and resolve Log Analytics alerts by investigating log data and taking action to resolve the underlying issue.
Overview of analyzing and resolving a Log Analytics alert
As an Operator, you are responsible for analyzing and resolving the alerts that Health Log Analytics generates. When HLA creates an alert, you review the alert's severity, the affected Configuration Item (CI), the log data associated with the anomaly, and the impacted services. You try to identify the root cause by investigating the logs that surround the anomaly.
In the Express List, review alert details and use Now Assist to get an in-depth analysis of the alert and potential resolutions in straightforward, human-readable language. By drilling down into the alert, you can quickly identify the issue and proceed to resolve it before it affects your users.
Using the Log Viewer, you can browse the alert logs by timestamp or range for further investigation. You can visualize the frequency of anomalous log lines in a chart.
- Start remediation of a Log Analytics alert from the Overview tab
Begin the remediation process of a Log Analytics alert from the alert Overview tab. This tab provides information on the alert, log data associated with the anomalous behavior, CIs associated with the alert, and services impacted by it.
- Analyze the logs that surround the anomaly
Review the log lines surrounding the anomaly for clues about the state of faulting systems. This information can help you narrow down the root cause of the alert.
- Use log correlators to identify relationships in log data
Identify relationships between alerts to help you determine whether an alert is part of a larger issue.
- Navigate to the Express List and select an alert from the Alerts list.
Use Now Assist to get an in-depth analysis of the alert and potential resolutions. By drilling down into the alert, you can quickly identify the issue and proceed to resolve it.
- Review the logs for an alert in the Log Viewer
For further investigation, navigate to the Log Viewer to browse the alert logs by timestamp or time range and to visualize anomaly frequency within a time period, which gives a comprehensive view of the log data.
- Add a KB article to a Log Analytics alert
When you have resolved an alert that Health Log Analytics generated, you can add a knowledge base (KB) article to it. For example, provide information that might help others resolve similar issues.
Use cases
Use Case: Proactive monitoring of your ServiceNow instance in Health Log Analytics - Use Health Log Analytics to detect and resolve emerging issues in your organization's ServiceNow instance before they affect platform users.