Edit feedback for an automated alert group

Modify which manual additions and removals of alerts are automatically applied to newly formed automated alert groups.

About this task

Event Management alert aggregation and RCA tracks your feedback when you manually add alerts to, or remove alerts from, automated alert groups. Later, when alert aggregation and RCA forms new automated alert groups, those additions and removals are automatically repeated.

You can edit this form of feedback by reviewing the list of user actions for the alert group, and then undoing specific alert additions and alert removals. Those additions and removals are not repeated when new automated alert groups are formed.

Procedure

  1. Navigate to Event Management > Alert Aggregation and RCA > Edit Feedback.
  2. In the Grouped Alerts page:
    1. Click the alert group for which you want to edit feedback, and then click the user edit (Added or Removed) that you want to undo.
    2. Or, click the button next to the alert group for which you want to edit feedback. In the list of all user edits (Added and Removed), click the user edit that you want to undo.
  3. Fill out the form and then click Submit.
    Most fields on the form are automatically populated according to the selected alert group and the user edit.
    Table 1. Grouped Alert form
    Field | Description
    Alert | Alert that was manually added and that should not be automatically added in newly formed automated alert groups.

    This field is automatically set.

    Aggregated Group | Automated alert group to which Alert was added or from which it was removed.

    This field is automatically set.

    User Edits | User action of Added or Removed for Alert.

    This field is automatically set.

    Undo User Edits | Check box for preventing the automatic addition or removal of alerts that are similar to Alert, when forming alert groups that are similar to Aggregated Group.
    Primary Alert | Primary alert of Aggregated Group.

    This field is automatically set.

    Group | Type of the alert group, such as CMDB, manual, or automated.
    Last event generation time | The last time the event that is linked to the alert occurred. This time is the ServiceNow processing time, not the source system time.

    This field is automatically set.

    Metric Name | Unique name that describes which metric data is collected.

    This field is automatically set.

    Resource | Node resource that is relevant to the event that is linked to the alert.

    This field is automatically set.

    Severity | The severity of the event. The value for this field is copied from the event unless the event closes the alert, in which case the previous severity is retained for reporting.
    • Critical: Immediate action is required. The resource is either not functional or critical problems are imminent.
    • Major: Major functionality is severely impaired or performance has degraded.
    • Minor: Partial, non-critical loss of functionality or performance degradation occurred.
    • Warning: Attention is required, even though the resource is still functional.
    • Info: An alert is created. The resource is still functional.
    • Clear: No action is required. An alert is not created from this event. Existing alerts are closed.

    This field is automatically set.

    Source | Event monitoring software that generated the event, such as SolarWinds or SCOM. This field has a maximum length of 100. It was formerly known as event_class.

    This field is automatically set.

    Short description | The alert description.

    This field is automatically set.