Thank you for your feedback.
Form temporarily unavailable. Please try again or contact docfeedback@servicenow.com to submit your comments.
Versions
  • Madrid
  • London
  • Kingston
  • Jakarta
  • Istanbul
  • Helsinki
  • Geneva
  • Store
Close

Create or edit an event rule

Log in to subscribe to topics and get notified when content changes.

Create or edit an event rule

You can create event rules to generate alerts for tracking and remediation.

Before you begin

Role required: evt_mgmt_admin

About this task

You can view the list of available event rules on the event rule page.
You can create rules that:
  • Transform information in events to populate specified alert field values and compose alert fields from various values.
  • Configure threshold rules that create or close alerts only when the incoming matching events exceed the specified threshold.
  • Bind alerts to CIs using CI identifiers.
Options to create the rule are:
  • Create an event rule and assign event fields for alert generation.
  • Create a rule from an existing event or groups of events that do not have a rule. In this case, the event fields are copied to the Event Match Fields section of the rule.
  • Edit an existing event rule.
Note: Event rules that are not configured to perform any action are skipped. Therefore, if the rule is not configured as ignore, threshold, or binding, it is important to specify either the match or the compose fields.

Procedure

  1. Navigate to Event Management > Rules > Event Rules and take one of the following actions:
    OptionDescription
    Create an event rule from an existing event
    1. Click the link for unassociated events or grouped events that are not mapped to rules.
      Example wording of the link: "There are 2 recommended rules, created out of 7 unassociated events of the most recent 50000 events."
    2. Select the event that you want to use for creating the rule.

      The event fields are copied to the Event Field Rules section of the rule.

    Edit an existing event rule In the event rule list, click the required event rule to be modified. The event rule opens in the event rule designer where you can modify the values of the fields.
    • Click Save and Upgrade Event Management save to modify the rule when the following banner message appears and you want to convert the event rule.
      Rule cannot be viewed in the
                event rule designer. To modify the rule click 'Save and Upgrade'.
    Create an event rule Click New.
  2. Ensure that Active Active toggleis selected. When the rule is deactivated, Event Management finds and applies another event rule. An alert is still created for the event unless Ignore is selected in another applicable rule or when configuring the filter for this event rule.
  3. Enter a unique and meaningful name and fill in the form.
    Table 1. Event Rule Info form
    Field Description
    Source Category to which this matching rule applies. The mapping rule only applies to events with the same event class value. If this value is empty, apply the rule to all events.
    Order Order in which an event rule is evaluated when multiple rules are defined for the same type of event. Event rules are evaluated in ascending order.
    Description Type additional information that describes the event rule.
  4. (Optional) Define the event rule using these Event Rule designer features:
    OptionDescription
    Event Filter Define a filter to restrict to which events the event rule must apply. See Filter the events that an event rule applies to.
    Transform and compose alert output Configure the customization of alert content. See Configure an event rule to customize alert content.
    Threshold Create or close alerts according to the specified threshold. See Set a threshold to suppress alert generation.
    Binding Configure event rules to automatically bind alerts to CI information from the CMDB. See Alert binding to CIs with event rules.
  5. Click Save, Submit, or Update.

What to do next

Feedback