Thank you for your feedback.
Form temporarily unavailable. Please try again or contact to submit your comments.

CMDB alert groups

Log in to subscribe to topics and get notified when content changes.

CMDB alert groups

Alerts are grouped by Event Management alert aggregation and root cause analysis (RCA) using different methods of correlation. For CIs without historical data, alerts are correlated based on those CIs relationships in the CMDB. CMDB alert groups are displayed in the alert list in Alert Intelligence and in the Event Management dashboard.

To correlate alerts into groups, alert aggregation and RCA learns from historical alert data and then forms alert patterns. Alert aggregation and RCA then attempts to match new alerts with these patterns to correlate alerts and create alert groups. However, in some situations, such as, with a new implementation, or with a new set of CIs, there is no historical data to learn from. In these situations, alert aggregation and RCA can automatically correlate alerts based on CI relationships. This correlation is based on hosting rules, containment rules, and suggested relationships. For example, the alerts for the CIs in the following relationships can be correlated into a CMDB alert group:
  • A server hosting a computer
  • Processes that are running on a specific server
Note: The hosting and containment relationships that are used for CMDB-based grouping are used only if the number of connections between the CIs is small. If two CIs are related through many connections, the connection is considered to be too weak for CMDB-based grouping.

You can view all alert groups by navigating to Event Management > Alert Intelligence Alert Intelligence. The icon in the Group column denotes the alert group type. Alerts that do not have an entry in the Group column are not correlated with any group.

If your ServiceNow instance uses domain separation, domain names are considered when forming groups.

RCA for CMDB alert groups

If the Enable CMDB Correlation for Alert Aggregation (sa_analytics.agg.query_cmdb_correlation_enabled) property is set to true and CMDB alert groups are forming, then alert aggregation and RCA apply RCA to identify a root cause alert within the CMDB alert group. Identified root cause alerts are then displayed with a star in the Alert Group Timeline view in Alert Intelligence. If a root cause alert is identified for a CMDB alert group, then that alert is designated as the primary alert of the group.

Configure automatic creation of CMDB alert groups

Use the properties listed in this table to control which alerts are automatically included in CMDB alert groups. For more information about Event Management properties, see Components installed with Event Management.
Table 1. Properties to control CMDB alert groups
Property Setting
Enable CMDB Correlation for Alert Aggregation sa_analytics.agg.query_cmdb_correlation_enabled Enable to allow alert aggregation and RCA to automatically use CI relationships to correlate alerts and form CMDB alert groups.
Enable Suggested Relations for CMDB Correlation evt_mgmt.related_cis_use_suggested_relations_rules Enable to use a whitelist and any suggested relationship that is defined in the system when forming CMDB alert groups.
CMDB Groups: Relationship level sa_analytics.agg.query_cmdb_graph_walk_nodes Set the number of levels to use for dot-walking. Dot-walking provides access to fields on related tables from a form, list, or script. For more information, see Dot-walking examples .

The setting for this property impacts the application of CMDB hosting rules, containment rules, and endpoints to CMDB group formation during alert aggregation.

sa_analytics.agg.query_cmdb_containment_enabled Set to false to disable CMDB alert groups from forming when using hosting and containment relationships.

To add this property to your instance, navigate to System Properties > All Properties and click New. Specify these details:

  • Name: sa_analytics.agg.query_cmdb_containment_enabled
  • Type: true | false
  • Value: true
  • Click Submit.
sa_analytics.agg.ignore_cmdb_applicative_flow Set to true to prevent CMDB groups from forming due to applicative flow relations.

To add this property to your instance, navigate to System Properties > All Properties and click New. Specify these details:

  • Name: sa_analytics.agg.ignore_cmdb_applicative_flow
  • Type: true | false
  • Value: false
  • Click Submit.