Event Management subflows in the base system

  • Release version: Washingtondc
  • Updated February 1, 2024
  • 3 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Event Management Subflows in the Base System

    Event Management subflows are integrated within the alert management rules in ServiceNow's IT Operations Management (ITOM) module. They allow users to automate responses to alerts, enhancing operational efficiency and incident management processes. Customers can access these subflows to manage alerts effectively and streamline their response actions.

    Show full answer Show less

    Key Features

    • Acknowledge Alert: Marks an alert as acknowledged, indicating that further attention is needed.
    • Attach Knowledge Article (legacy): Enables attachment of a knowledge article to alerts, useful for legacy system migrations.
    • Change Alert to Maintenance Mode: Marks alerts as being in maintenance mode.
    • Close Alert: Finalizes and closes an alert.
    • Create Incident: Generates a new incident using fields from the alert, unless an incident is already associated or the alert is in maintenance mode.
    • Create Major Incident Candidate: Converts alerts into major incident candidates, with similar conditions as the incident creation process.
    • Create Major Incident from Alert: Initiates a major incident based on the alert details under specific conditions.
    • Create Task (legacy): Uses a task template to create tasks for legacy system instances, if configured.
    • Overwrite Alert Template (legacy): Applies alert templates for legacy instances when needed.

    Key Outcomes

    By utilizing these subflows, ServiceNow customers can expect to improve their alert management processes. The automation provided reduces manual intervention, ensures timely incident creation, and enhances overall operational responsiveness. This results in better resource allocation and improved service continuity in IT operations.

    The subflows provided with the base system appear in the Remediation Subflows area of alert management rules.

    Accessing the subflows

    Navigate to Event Management > Rules > Alert Management Rules and click New. Click the Actions tab. In the Remediation Subflows area, double-click the Insert a new row field.

    Specify subflow

    Click the search icon Search icon to add subflows. The list of subflows that are provided with the base system appears.

    Table 1. Subflows in the base system
    Name Description
    Acknowledge Alert Subflow to mark the alert as being Acknowledged. Acknowledge an alert to show that further attention is required.
    Attach Knowledge Article (legacy) Subflow to attach a knowledge article to the alert.

    This subflow is provided for instances that are migrated from legacy releases (prior to the London release).

    Note:
    Add the Knowledge article column to the Alert Management Rules [em_alert_management_rule] table, and select an article to attach to an alert when the rule executes.
    Change Alert to Maintenance Mode Subflow to mark the alert as being in Maintenance.
    Close Alert Subflow to mark the alert as being Closed.
    Create Incident Subflow to create an incident. Fields from the alert are used to populate the matching fields in the incident that is created.
    Note:
    • If there is an existing incident that is attached to the alert, this subflow is not activated.
    • If the alert is in Maintenance, an incident is not created.
    • The alert management job runs even if the alert grouping job is not complete, if a specified time frame has passed. When this occurs, you can enable the Avoid INTs on secondary alerts rule to prevent incidents from being created for secondary alerts (when the evt_mgmt.avoid_int_enabled property is enabled), since an incident already exists for the primary alert.
    Create Major Incident Candidate Subflow to create a major incident candidate. Fields from the alert populate the matching fields in the major incident candidate that is created. A major incident candidate can be upgraded to become a major incident.
    Note:
    • If there is an existing incident that is attached to the alert, this subflow is not activated.
    • If the alert is in Maintenance, a major incident candidate is not created.
    • If the Role in group is Secondary, the major incident candidate is not created.
    Create Major Incident from Alert Subflow to create a major incident from alert. Fields from the alert are used to populate the matching fields in the major incident that is created.
    Note:
    • If there is an existing incident that is attached to the alert, this subflow is not activated.
    • If the alert is in Maintenance, an incident is not created.
    • If the Role in group is Secondary, the major incident candidate is not created.
    Create Major Incident with Impact Subflow to create a major incident from an alert in which the Impact field is also taken as input. Fields from the alert are used to populate the matching fields in the major incident that is created.
    Note:
    • If there is an existing incident that is attached to the alert, this subflow is not activated.
    • If the alert is in Maintenance, an incident is not created.
    • If the Role in group is Secondary, the major incident candidate is not created.
    Create Major Incident Candidate with Impact Subflow to create a major incident candidate in which the Impact field is also taken as input. Fields from the alert populate the matching fields in the major incident candidate that is created. A major incident candidate can be upgraded to become a major incident.
    Note:
    • If there is an existing incident that is attached to the alert, this subflow is not activated.
    • If the alert is in Maintenance, a major incident candidate is not created.
    • If the Role in group is Secondary, the major incident candidate is not created.
    Create Task (legacy) This subflow uses a task template, if provided, or the EventMgmtCustomIncidentPopulator script for instances migrated from legacy releases (prior to the London release). If configured, apply the task template.
    Note:
    Add the Task template column to the Alert Management Rules [em_alert_management_rule] table, and select a task template and task to apply when the rule executes.
    Overwrite Alert Template (legacy) This subflow applies the alert template.

    This subflow is provided for instances that are migrated from legacy releases (prior to the London release).

    Note:
    Add the Task type column to the Alert Management Rules [em_alert_management_rule] table, and select an alert template to apply when the rule executes.
    1. Select the subflow that you need.
    2. To customize a subflow, see Create a custom subflow. This topic also describes the input parameters in a subflow.
    3. To specify when the workflow must be executed, double-click the cell under Execution.

      Subflow execution

      .