List of predefined tag-based alert clustering definitions

  • Release version: Washington DC
  • Updated February 1, 2024

A list of the predefined alert clustering definitions provided with the Tag Based Alert Clustering Engine application.

Table 1. Predefined alert clustering definitions

| Name | Description | Order |
|------|-------------|-------|
| Group alerts from the same Application | Group all alerts from the same application, created in the last 10 minutes. In new systems, this definition is activated by default. | 9010 |
| Group all alerts from the same IP address | Group all alerts from the same IP address, created in the last 10 minutes. | 9020 |
| Group all alerts from the same Namespace | Group all alerts from the same namespace, created in the last 10 minutes. In new systems, this definition is activated by default. | 9030 |
| Group all alerts from the same Subnet | Group all alerts from the same subnet, created in the last 10 minutes. In new systems, this definition is activated by default. | 9040 |
| Group alerts from the same CI class and Location | Group all alerts from the same CI class and location, created in the last 10 minutes. | 9050 |
| Group alerts from the same Application and Environment | Group all alerts from the same application and environment, created in the last 10 minutes. | 9060 |
| Group all alerts from a similar Node | Group all alerts from a similar node name, created in the last 10 minutes. | 9070 |
| Group alerts from the same Location and Assignment group | Group all alerts from the same location and assignment group, created in the last 10 minutes. | 9080 |
| Group alerts from the same Region and Metric | Group all alerts from the same region and metric, created in the last 10 minutes. | 9090 |
| Group alerts from the same CI class and Metric | Group all alerts from the same CI class and metric, created in the last 10 minutes. | 9100 |
| Group alerts from the same Node and Metric | Group all alerts from the same node and metric, created in the last 10 minutes. | 9110 |
| Group alerts from the same Assignment group and Class | Group all alerts from the same assignment group and class, created in the last 10 minutes. | 9120 |
| Group alerts from the same Type, Metric and Source | Group all alerts from the same type, metric, and source instance, created in the last 10 minutes. | 9130 |
| Group alerts from the same CI | Group all alerts from the same CI, created in the last 10 minutes. Important: When this rule is active, CMDB grouping must be disabled. | 9140 |
| Group alerts from the same Node | Group all alerts from the same node, created in the last 10 minutes. In new systems, this rule is activated by default. | 9150 |