Alert insight properties

  • Release version: Yokohama
  • Updated January 30, 2025
  • 2 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Alert insight properties

    Alert insight properties allow ServiceNow customers with theevtmgmtadminrole to configure how alert data is retrieved, analyzed, and presented within the Alert Insight pane. These settings manage alert history time frames, similarity criteria, related configuration item (CI) relationships, scoring of relationships, and limits on related tasks. Proper configuration optimizes the relevance and clarity of alert analysis and CI relationships, enhancing incident management and root cause analysis capabilities.

    Show full answer Show less

    Key Configuration Areas

    • Time Frame Settings: Control how far back alert data is retrieved for repeated or similar alerts (default 30 days), and how long recently closed alerts are considered (default 3 days).
    • Similarity Criteria: Define which alert fields (e.g., source, type, resource, metricname) determine alert similarity to group related alerts effectively.
    • Related CIs Configuration: Determine which CMDB relationship types (containment, hosting, suggested relations) are used to find related CIs and set the maximum depth for application service relationships.
    • Scoring of Relationships: Assign scores to different relationship types and levels to quantify the relevance of related CIs. Scores accumulate to prioritize the most pertinent relationships.
    • Maximum Related Tasks: Limit the number of related tasks retrieved for alert insights (default 10) to maintain performance and focus.

    Metadata Rules and Relationship Management

    Alert insight considers parent-child CI relationships modeled via metadata rules, including containment (which CIs contain others) and hosting (which CIs run on others). Customers can manage these rules using the CI Class Manager and Metadata Editor modules, allowing precise control over how CI relationships influence alert insights.

    Practical Impact for ServiceNow Customers

    • Enables tailored alert grouping and analysis by configuring similarity and related alerts retrieval.
    • Improves accuracy of related CI identification by using configurable CMDB relationship rules and scoring.
    • Allows customization of alert insight data depth and volume, balancing detail and system performance.
    • Supports better incident, change, and problem management by showing relationship affiliations between CIs linked to alerts.

    Use these properties to configure alert insight.

    The role required: evt_mgmt_admin

    The following alert_insight properties are under sys_properties.

    Property Usage
    Time Frame
    evt_mgmt.alert_insight_alert_history_min Set the time frame (in minutes) to retrieve repeated and similar alert data. Default 43200 (30 days)
    Note:
    Alerts are retrieved regardless of their state (open / reopen / flapping / closed).
    evt_mgmt.alert_insight_closed_alert_window Set the time frame (in minutes) to retrieve alerts that were already closed. It is the time after the alert last updated date. Default: 4320 (3 days)
    Similarity
    evt_mgmt.alert_insight_alert_same_as_filter This property is a comma-separated string that defines which of the alert fields is used to consider alerts to be similar. Default: source,type,resource,metric_name
    Related CIs
    evt_mgmt.alert_insight_related_cis_topology_levels
    The relationship types are:
    • CMDB based (metadata rules and suggested relations)
    • Within application services
    • Within Alert groups
    		 For ‘Within application service’ relationship type, this property sets the depth or the maximum level of relationship of retrieved CIs. Default: 3
    Score
    evt_mgmt.alert_insight_group_mapping This property sets the score for within alert group relations. Default: 2
    evt_mgmt.alert_insight_level_1_mapping This property sets the score for level 1 relationship. Default: 3
    evt_mgmt.alert_insight_level_2_mapping This property sets the score for level 2 relationship. Default: 2
    evt_mgmt.alert_insight_level_3_mapping This property sets the score for level 3 relationship. Default: 1
    Maximum related tasks
    evt_mgmt.alert_insight_max_tasks Maximum related tasks to retrieve for alert insight. Default: 10

    Metadata rules consideration

    The parent-child relationship of CIs is considered. Dependent relationship rules consist of hosting and containment rules, each type modeling the data from a different perspective of the CI.

    To manage dependent relationship rules:
    • To access rules at the class level, use the CI Class Manager. Navigate to All > Configuration > CI Class Manager.
    • To access grouped rules, use the Metadata Editor. Navigate to All > Configuration > Identification/Reconciliation > Metadata Editor.

    Containment rules represent configuration hierarchy of CIs, describing which CI contains which other CIs.

    Hosting rules represent placement of CIs in a business definition, describing what CIs run on.

    Modify the alert insight properties to configure the way alert information and analysis appears in the Alert Insight pane.

    Related CIs configuration

    The following properties control which CMDB relationships to consider for related CIs. The CMDB relationships include regular CMDB relation rules, metadata rules (containment rules and hosting rules), and suggested relations.

    Property Usage
    evt_mgmt.related_cis_get_all_relation_types Get all relation types, not including metadata rules. Default: false
    evt_mgmt.related_cis_use_containment_rules Use metadata containment rules. Default: true
    evt_mgmt.related_cis_use_hosting_rules Use metadata hosting rules. Default: true
    evt_mgmt.related_cis_use_suggested_relations_rules Use suggested relations rules. Default: false
    evt_mgmt.related_cis_validate_relation_rules This property controls whether to validate relation of CI according to metadata rules. Default: true

    Score

    Scores are configured per relation type or depth. Scores are accumulated. The higher the score, the more relevant is the related CI to the current CI.

    Example:For a CI that was found at level 2 in the same application service of the current CI, the score is 2. The same CI is in the same alert group, so there is an extra score of 3. The accumulated score is therefore 2+3 = 5.

    Affiliation type

    The Affiliation Type column in the Related Incidents, Related Change Requests, and Related Problems tabs shows the type of relationship that the CI of the selected alert and the related CI have.

    To see affiliation type relationships, navigate to All > Configuration > Identification/Reconciliation > Metadata Editor.

    The parent-child relationship between configuration items is considered.