Analyzing and resolving Log Analytics alerts

  • Release version: Australia
  • Updated March 12, 2026
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Analyzing and resolving Log Analytics alerts

    As an Operator using ServiceNow Health Log Analytics (HLA), you are tasked with analyzing and resolving alerts generated from log data anomalies. This process involves reviewing alert severity, affected configuration items (CIs), related log data, and impacted services to identify and address root causes before they affect users.

    Key Features

    • Alert Review and Remediation: Begin remediation directly from the alert Overview tab, which consolidates alert details, associated log data, related CIs, and impacted services to provide a comprehensive context.
    • Detailed Log Analysis: Investigate logs surrounding anomalies to gather clues about system faults. Use the Log Viewer to browse logs by timestamp or time range and visualize anomaly frequency through charts for deeper insights.
    • Log Correlation: Utilize log correlators to find relationships between alerts, helping to determine if an alert is linked to a larger issue.
    • Now Assist Integration: Access in-depth, human-readable analysis and suggested resolutions for alerts via Now Assist, enabling quicker identification and resolution of issues.
    • Knowledge Base (KB) Article Addition: After resolving an alert, attach KB articles to document insights and resolutions, aiding future troubleshooting efforts.

    Practical Use

    This capability empowers ServiceNow customers to proactively monitor their ServiceNow instances by detecting emerging issues through Health Log Analytics. By leveraging alert analysis, log correlation, and guided remediation, you can resolve problems efficiently, reducing impact on platform users and maintaining system health.

    Analyze and resolve Log Analytics alerts by investigating log data and taking action to resolve the underlying issue.

    Overview of analyzing and resolving a Log Analytics alert

    As an Operator, you're responsible for analyzing and resolving the alerts that Health Log Analytics generates. When HLA creates an alert, you review the alert's severity, the affected configuration item (CI), the log data associated with the anomaly, and the impacted services. You try to identify the root cause by investigating the logs that surround the anomaly.

    In the Express List, review alert details and use Now Assist to get an in-depth analysis of the alert and potential resolutions in straightforward, human-readable language. By drilling down into the alert, you can quickly identify the issue and proceed to resolve it before it affects your users.

    Using the Log Viewer, you can browse the alert logs by timestamp or range for further investigation. You can visualize the frequency of anomalous log lines in a chart.

    More detailed information on tasks and procedures for analyzing and resolving Log Analytics alerts is available via the following links.

    For a brief explanation of key terms and concepts used in HLA, see the Health Log Analytics terminology.

    Use cases

    Use Case: Proactive monitoring of your ServiceNow instance in Health Log Analytics - Use Health Log Analytics to detect and resolve emerging issues in your organization's ServiceNow instance before they affect platform users.