Information on the Overview tab for a Component-based alert

  • Release version: Yokohama
  • Updated January 30, 2025

    The alert Overview tab in Health Log Analytics helps you understand Component-based alerts.

    Sections on the Overview tab for a Component-based alert

    For a detailed description of Component-based alerts, see Types of Health Log Analytics alerts.

    Identified issue

    The identified issue is the problem that led to the alert. It appears in the alert title and on a card on the tab. Information about the alert appears in the banner.

    Figure 1. Identified issue
    Identified issue appears here and in alert title
    • Click the information icon to see how the issue was identified.
    • Click View surrounding logs to view the log lines that were generated one minute before and one minute after the alert. See Analyze log lines that surround an anomaly.

    Configuration Items

    To view more detailed information on the CIs that are associated with the alert, click the Configuration Items tab or click View more in the Configuration Items section. See Operator phase 1: Analyze and acknowledge an alert.

    Impacted services

    To view detailed information on the services that are impacted by the alerts, click the Impacted services tab. See Operator phase 1: Analyze and acknowledge an alert.

    Anomaly

    The Anomaly card illustrates the anomalous activity that led to the alert.
    • The blue line shows the recent anomalous activity.
    • On some charts, the lightly shaded area indicates the expected (learned baseline) behavior.

      A peach-shaded area represents the baseline values for the same hour one day earlier. A pink-shaded area shows the values for the same period in the previous week.

    • Click the information icon to see how the anomaly was identified.

    In this example, the peach-shaded area shows the same data for the same hour one day earlier. The spike in the metric value (events per minute) is clearly visible.

    Figure 2. Anomaly card
    Anomaly card identifies and illustrates anomalous behavior.

    In this example, the pink-shaded area represents the baseline values for the same hour in the previous week.

    Figure 3. Anomaly card with baseline values one week earlier
    Baseline values for same hour in previous week.

    For more information on the kinds of anomalies that you might encounter, see Types of anomalous behavior.

    Meaningful log properties

    On the Meaningful log properties card, each bar chart shows the distribution of values for a single log property that contributed to the anomaly. Each property value is associated with a color. The length of each colored bar corresponds to the percentage of log lines in which that value appears, relative to all other values for the property. For the p_a5 property in the example, the value EUR appeared in 56.12% of log lines, GBP in 13.67%, and so on.

    Figure 4. Meaningful log properties
    Meaningful log properties shows the relative frequency of occurrence for property values.

    Top alerts

    The Top alerts card displays summaries of data from the Similar alerts and Repeated alerts tabs. The Total results value is the sum of the two values. Click More details to open the Alert Insight Similar Alerts tab. For details, see Information on the Alert Insight Similar Alerts tab.

    Figure 5. Top alerts
    Top alerts shows counts of total, similar, and repeated alerts.

    Top incidents

    The Top incidents card displays summaries of data from the Incidents on CI and Incidents on related CIs tabs. The Total results value is the sum of the two values. Click More details to open the Incidents on CI tab.

    Figure 6. Top incidents
    Top incidents shows counts of total results, incidents on CI, and incidents on related CIs.