Thank you for your feedback.
Form temporarily unavailable. Please try again or contact docfeedback@servicenow.com to submit your comments.

View events

Log in to subscribe to topics and get notified when content changes.

View events

Event Management tracks individual events to manage external systems. An event is a notification from one or more monitoring tools that indicates that something of interest has occurred, such as a log message, warning, or error. Event Management receives or pulls events from one or more external event sources and stores them in the Event [em_event] table. Event Management provides a list of raw incoming events.

Before you begin

Role required: evt_mgmt_admin, evt_mgmt_operator, evt_mgmt_user, or evt_mgmt_integration
Note: Business rules must not change the Category field on event [em_event] tables.

About this task

The event monitoring tool generates the values of the source and resource fields. Event Management implementers can define event types and register nodes to help uniquely identify incoming events and create alerts for the specific needs of the enterprise. Event Management uses this information to determine whether to create a new alert or update an existing one.

An event source may generate duplicate events with the same identifying information. For events with the same identifying information, Event Management uses the time interval between events to determine if events represent an existing issue or new issue.

Additional fields should be included in the Additional info field of the event. Do not add additional fields to an event by adding a custom field to the event table [em_event]. For more information about how to include additional fields in events, see Custom alert fields.

Note: Business rules that are written for alert tables [em_alert] must be highly efficient or they may result in performance degradation.

Procedure

  1. Navigate to Event Management > All Events.
    The All Events list displays the following columns.
    Table 1. All Events list
    Column Description Populated by
    Time of event The time that the event occurred, in the network node time zone. External event monitoring tool
    Source Event monitoring software that generated the event, such as SolarWinds or SCOM. This field has a maximum length of 100. It is formerly known as event_class. External event monitoring tool
    Description Reason for event generation. Shows extra details about an issue. For example, a server stack trace or details from a monitoring tool. This field has a maximum length of 4000. External event monitoring tool
    Node Node name, fully qualified domain name (FQDN), IP address, or MAC address that is associated with the event, such as IBM-ASSET. This field has a maximum length of 100. External event monitoring tool
    Type Pre-defined event type, such as high CPU, which is used to identify an event record. This field has a maximum length of 100. External event monitoring tool
    Resource Node resource that is relevant to the event. For example, Disk C, CPU-1, the name of a process, or service. This field has a maximum length of 100. External event monitoring tool
    Message Key Event unique identifier to identify multiple events that relate to the same alert. If this value is empty, it is generated from the Source, Node, Type, and Resource field values. This field has a maximum length of 1024. External event monitoring tool
    State
    The status of the event:
    • Ready: Event has been received and is waiting to be processed.
    • Queued: Event is queued by the event processor job.
    • Processed: Event was successfully processed.
    • Error: Failure occurred while processing the event. For example, the event collection method or event Severity is blank.
    • Ignored: Value is not in use.
    Event
    Severity
    Mandatory. The options are typically interpreted as follows:
    • Critical: Immediate action is required. The resource is either not functional or critical problems are imminent.
    • Major: Major functionality is severely impaired or performance has degraded.
    • Minor: Partial, non-critical loss of functionality or performance degradation occurred.
    • Warning: Attention is required, even though the resource is still functional.
    • Info: An alert is created. The resource is still functional.
    • Clear: No action is required. An alert is not created from this event. Existing alerts are closed.
    Event
    Alert If an alert was created as a result of the event, this field contains the unique ID that Event Management generates to identify the alert. A matching event rule or event field mapping
  2. To review a single event, click the Time of event.
  3. To review the rules that processed the event, click Check process of event.
Feedback