    CMDB alert groups

    Alerts are grouped by Event Management alert aggregation and root cause analysis (RCA) using different methods of correlation. For CIs without historical data, alerts are correlated based on those CIs' relationships in the CMDB. CMDB alert groups are displayed in the alert list in Alert Intelligence and in the Event Management dashboard (for instances upgraded from a release before Orlando).

    To correlate alerts into groups, alert aggregation and RCA learns from historical alert data and then forms alert patterns. Alert aggregation and RCA then attempts to match new alerts with these patterns to correlate alerts and create alert groups. However, in some situations, such as a new implementation or a new set of CIs, there is no historical data to learn from. In these situations, alert aggregation and RCA can automatically correlate alerts based on CI relationships. This correlation is based on hosting rules, containment rules, and suggested relationships. For example, the alerts for the CIs in the following relationships can be correlated into a CMDB alert group:
    • A server hosting a computer
    • Processes that are running on a specific server

    You can view all alert groups by navigating to Event Management > Alert Intelligence. The icon in the Group column denotes the alert group type. Alerts that do not have an entry in the Group column are not correlated with any group.

    If your ServiceNow instance uses domain separation, domain names are considered when forming groups.

    RCA for CMDB alert groups

    Alert aggregation and RCA applies RCA to identify a root cause alert within the CMDB alert group if the following properties are set to true:
    • Enable CMDB Correlation for Alert Aggregation [sa_analytics.agg.query_cmdb_correlation_enabled]
    • Enable root cause analysis for CMDB groups [sa_analytics.agg.query_cmdb_rca_enabled]
    When these properties are set to true, the RCA algorithm calculates the group's root cause alert. The identified root cause alerts appear with a star in the Alert Group Timeline view in Alert Intelligence.
    Figure 1. RCA indicator on alerts timeline
    If a root cause alert is identified for a CMDB alert group, that alert is designated as the primary alert of the group.

    Configure automatic creation of CMDB alert groups

    Use the properties listed in this table to control which alerts are automatically included in CMDB alert groups. For more information about Event Management properties, see Components installed with Event Management.
    Table 1. Properties to control CMDB alert groups

    • Property: Enable CMDB Correlation for Alert Aggregation [sa_analytics.agg.query_cmdb_correlation_enabled]
      Setting: Enable to allow alert aggregation and RCA to automatically use CI relationships to correlate alerts and form CMDB alert groups.

    • Property: Enable Suggested Relations for CMDB Correlation [evt_mgmt.related_cis_use_suggested_relations_rules]
      Setting: Enable to use any suggested relationship that is defined in the system when forming CMDB alert groups.

    • Property: CMDB Groups: Relationship level [sa_analytics.agg.query_cmdb_graph_walk_nodes]
      Setting: Set the number of levels for which a CI bound to an alert is grouped with other CIs bound to alerts. For example, if this property is set to 3, a CI bound to an alert is automatically grouped with any other CIs bound to alerts that are within 3 hops or less.

      The setting for this property impacts the application of CMDB hosting rules, containment rules, and endpoints to CMDB group formation during alert aggregation.

    • Property: evt_mgmt.related_cis_use_containment_rules
      Setting: Set to false to disable CMDB alert groups from forming when using hosting and containment relationships.

      To add this property to your instance, navigate to System Properties > All Properties and click New. Specify these details:

      • Name: sa_analytics.agg.query_cmdb_containment_enabled
      • Type: true | false
      • Value: true
      • Click Submit.

    • Property: sa_analytics.agg.ignore_cmdb_applicative_flow
      Setting: Set to true to prevent CMDB groups from forming due to applicative flow relations.

      To add this property to your instance, navigate to System Properties > All Properties and click New. Specify these details:

      • Name: sa_analytics.agg.ignore_cmdb_applicative_flow
      • Type: true | false
      • Value: false
      • Click Submit.

    • Property: sa_analytics.agg.query_cmdb_rca_enabled
      Setting: Enable root cause analysis for CMDB groups. This property is enabled by default.

      To access this property, navigate to Event Management > Alert Aggregation and RCA > Properties. Then select the Enable root cause analysis for CMDB groups check box.

    • View root cause alert for a CMDB alert group

      View the identified root cause alert within the group to identify the root cause CI when troubleshooting a problem.

    • View the Dependency Views map for CMDB alerts

      The Dependency Views map helps you to understand how and why alerts are grouped. The map shows the connecting CIs between CMDB alerts in a group. A CI which is not part of the group is still included in the map when it connects with other alert CIs in the group.
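
The hop limit set by the Relationship level property, and the way a CI without an alert can still connect two alerting CIs, can be modelled as a bounded graph walk. This is an added example, not ServiceNow code: the CI names, alert IDs, the function names and the transitive merging of groups are all assumptions made for illustration.

```javascript
// Simplified model of hop-limited CI correlation; not ServiceNow's implementation.
const relationships = [ // constructed sample CMDB relationships
  ["esx-host-01", "vm-app-01"],    // hosting
  ["vm-app-01", "tomcat-proc-01"], // process running on a server
  ["esx-host-01", "vm-db-01"],     // hosting
  ["vm-db-01", "mysql-proc-01"],   // process running on a server
  ["switch-07", "esx-host-09"],    // unrelated part of the estate
];
const alerts = [ // constructed sample alerts, each bound to one CI
  { id: "ALERT-A", ci: "tomcat-proc-01" },
  { id: "ALERT-B", ci: "mysql-proc-01" },
  { id: "ALERT-C", ci: "esx-host-01" },
  { id: "ALERT-D", ci: "esx-host-09" },
];

// Breadth-first walk: every CI reachable from `start` in at most maxHops hops.
// CIs without alerts are still traversed, so they can connect two alerting CIs.
function cisWithinHops(adj, start, maxHops) {
  const dist = new Map([[start, 0]]);
  const queue = [start];
  while (queue.length > 0) {
    const ci = queue.shift();
    if (dist.get(ci) === maxHops) continue;
    for (const next of adj.get(ci) || []) {
      if (dist.has(next)) continue;
      dist.set(next, dist.get(ci) + 1);
      queue.push(next);
    }
  }
  return dist;
}

// Group alerts whose CIs lie within maxHops of each other, merging transitively
// (union-find). Transitive merging is an assumption of this sketch.
function groupAlerts(alertList, edges, maxHops) {
  const adj = new Map();
  for (const [a, b] of edges) {
    adj.set(a, (adj.get(a) || new Set()).add(b));
    adj.set(b, (adj.get(b) || new Set()).add(a));
  }
  const parent = new Map(alertList.map((a) => [a.id, a.id]));
  const find = (x) => (parent.get(x) === x ? x : find(parent.get(x)));
  for (const a of alertList) {
    const reach = cisWithinHops(adj, a.ci, maxHops);
    for (const b of alertList) if (reach.has(b.ci)) parent.set(find(b.id), find(a.id));
  }
  const groups = new Map();
  for (const a of alertList) groups.set(find(a.id), [...(groups.get(find(a.id)) || []), a.id]);
  return [...groups.values()];
}
```

With this sample data a limit of 1 leaves every alert ungrouped, while a limit of 2 joins ALERT-A, ALERT-B and ALERT-C through the non-alerting virtual machines and leaves ALERT-D on its own.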
