List of predefined tag-based alert clustering definitions
Summary of List of predefined tag-based alert clustering definitions
This content provides a detailed list of predefined alert clustering definitions available in the Tag Based Alert Clustering Engine application for ServiceNow, specifically in the Yokohama release version. These definitions enable automated grouping of alerts based on shared tag attributes within a recent 10-minute window, helping to streamline alert management and reduce noise.
Key Features
- Alert Grouping by Various Tags: Alerts can be clustered based on several attributes such as Application, IP address, Namespace, Subnet, CI class, Location, Environment, Node, Assignment group, Region, Metric, Type, Source instance, and CI.
- Predefined Definitions with Activation Status: Some clustering definitions are activated by default in new systems, including grouping by Application, Namespace, Subnet, and Node, ensuring immediate alert consolidation out-of-the-box.
- Time-bound Grouping: All alert grouping is based on alerts created within the last 10 minutes, offering timely and relevant aggregation of alerts.
- Order of Processing: Each definition has an assigned order number, which may affect the sequence in which clustering rules are applied.
- Special Considerations: When the "Group alerts from the same CI" rule is active, CMDB grouping must be disabled to avoid conflicts.
Practical Use for ServiceNow Customers
By leveraging these predefined tag-based alert clustering rules, customers can efficiently reduce alert noise and group related alerts for faster incident response. Activating or customizing these definitions allows tuning of alert management to match organizational needs. The 10-minute window ensures alerts are clustered based on recent activity, improving relevance and operational efficiency.
A list of the predefined alert clustering definitions provided with the Tag Based Alert Clustering Engine application.
| Name | Description | Order |
|---|---|---|
| Group alerts from the same Application | Group all alerts from the same application, created in the last 10 minutes. In new systems, this definition is activated by default. | 9010 |
| Group all alerts from the same IP address | Group all alerts from the same IP address, created in the last 10 minutes. | 9020 |
| Group all alerts from the same Namespace | Group all alerts from the same namespace, created in the last 10 minutes. In new systems, this definition is activated by default. | 9030 |
| Group all alerts from the same Subnet | Group all alerts from the same subnet, created in the last 10 minutes. In new systems, this definition is activated by default. | 9040 |
| Group alerts from the same CI class and Location | Group all alerts from the same CI class and location, created in the last 10 minutes. | 9050 |
| Group alerts from the same Application and Environment | Group all alerts from the same application and environment, created in the last 10 minutes. | 9060 |
| Group all alerts from a similar Node | Group all alerts from a similar node name, created in the last 10 minutes. | 9070 |
| Group alerts from the same Location and Assignment group | Group all alerts from the same location and assignment group, created in the last 10 minutes. | 9080 |
| Group alerts from the same Region and Metric | Group all alerts from the same region and metric, created in the last 10 minutes. | 9090 |
| Group alerts from the same CI class and Metric | Group all alerts from the same CI class and metric, created in the last 10 minutes. | 9100 |
| Group alerts from the same Node and Metric | Group all alerts from the same node and metric, created in the last 10 minutes. | 9110 |
| Group alerts from the same Assignment group and Class | Group all alerts from the same assignment group and class, created in the last 10 minutes. | 9120 |
| Group alerts from the same Type, Metric and Source | Group all alerts from the same type, metric, and source instance, created in the last 10 minutes. | 9130 |
| Group alerts from the same CI | Group all alerts from the same CI, created in the last 10 minutes. Important: When this rule is active, CMDB grouping must be disabled. | 9140 |
| Group alerts from the same Node | Group all alerts from the same node, created in the last 10 minutes. In new systems, this rule is activated by default. | 9150 |