List of predefined tag-based alert grouping definitions

  • Release version: Australia
  • Updated March 12, 2026
  • 2 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of List of Predefined Tag-Based Alert Grouping Definitions

    This document outlines the predefined alert clustering definitions available in the Tag Based Alert Clustering Engine application, designed to help ServiceNow customers efficiently group alerts based on specific criteria within a short time frame (last 10 minutes). These definitions can enhance incident management by providing context and reducing alert noise.

    Show full answer Show less

    Key Features

    • Application Grouping: Alerts from the same application are grouped for better visibility.
    • IP Address Grouping: Alerts from the same IP address are clustered together.
    • Namespace Grouping: Alerts from the same namespace are collected for analysis.
    • Subnet Grouping: Alerts from a specific subnet are grouped, useful for network monitoring.
    • CI Class and Location Grouping: Alerts from the same Configuration Item (CI) class and location are combined.
    • Application and Environment Grouping: This helps in correlating alerts to specific applications and environments.
    • Node and Metric Grouping: Alerts from similar nodes or metrics are grouped for easier management.
    • Assignment Group and Class Grouping: Alerts are collected based on assignment groups and CI classes.
    • Type, Metric, and Source Grouping: This definition combines alerts based on type, metric, and source instance.
    • CI Grouping: Alerts from the same CI are grouped, with a note that CMDB grouping must be disabled when active.

    Key Outcomes

    By using these predefined alert grouping definitions, ServiceNow customers can streamline their incident response processes, reduce alert fatigue, and improve the efficiency of their IT operations. These configurations allow for quick identification of related alerts, facilitating faster resolution and better resource allocation.

    A list of the predefined alert clustering definitions provided with the Tag Based Alert Clustering Engine  application.

    Table 1. Predefined alert clustering definitions
    Name Description Order
    Group alerts from the same Application Group all alerts from the same application, created in the last 10 minutes. In new systems, this definition is activated by default. 9010
    Group all alerts from the same IP address Group all alerts from the same IP address, created in the last 10 minutes. 9020
    Group all alerts from the same Namespace Group all alerts from the same namespace, created in the last 10 minutes. In new systems, this definition is activated by default. 9030
    Group all alerts from the same Subnet Group all alerts from the same subnet, created in the last 10 minutes. In new systems, this definition is activated by default. 9040
    Group alerts from the same CI class and Location Group all alerts from the same CI class and location, created in the last 10 minutes. 9050
    Group alerts from the same Application and Environment Group all alerts from the same application and environment, created in the last 10 minutes. 9060
    Group all alerts from a similar Node Group all alerts from a similar node name, created in the last 10 minutes. 9070
    Group alerts from the same Location and Assignment group Group all alerts from the same location and assignment group, created in the last 10 minutes. 9080
    Group alerts from the same Region and Metric Group all alerts from the same region and metric, created in the last 10 minutes. 9090
    Group alerts from the same CI class and Metric Group all alerts from the same CI class and metric, created in the last 10 minutes. 9100
    Group alerts from the same Node and Metric Group all alerts from the same node and metric, created in the last 10 minutes. 9110
    Group alerts from the same Assignment group and Class Group all alerts from the same assignment group and class, created in the last 10 minutes. 9120
    Group alerts from the same Type, Metric and Source Group all alerts from the same type, metric, and source instance, created in the last 10 minutes. 9130
    Group alerts from the same CI Group all alerts from the same CI, created in the last 10 minutes.
    Important:
    When this rule is active, CMDB grouping must be disabled.
    		 9140
    Group alerts from the same Node Group all alerts from the same node, created in the last 10 minutes. In new systems, this rule is activated by default. 9150