Event Management tag based alert clustering tag form

  • Release version: Yokohama
  • Updated January 30, 2025
  • 2 minutes to read
    • Summarize
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Event Management Tag Based Alert Clustering Tag Form

    The Tag Based Alert Clustering Tag form in Event Management allows ServiceNow customers to create or modify tags that group alerts based on matching criteria. This feature helps organize alerts by identifying common attributes, improving alert management efficiency and clarity.

    Show full answer Show less

    Key Features

    • Name: Unique identifier for the clustering tag, defaulting to a description of the configured tag, which becomes visible after saving. Users can customize this name by selecting a checkbox.
    • Domain: Displays the domain where the tag record was created; this field is read-only.
    • Description: Optional field to provide additional information about the tag.
    • Source: Specifies where to select the field to match alerts from, with options including Alert Field, Alert Additional Info, Alert CI, Alert CI Key, and Alert Tags.
    • Selected Field and Key: Depending on the source, users choose the specific field or key that alerts must share to be grouped together. For example, when selecting Alert Additional Info, a key from JSON key-value pairs is specified.
    • CMDB Key: When clustering based on Configuration Item (CI) keys, users select the relevant CMDB key value to determine alert commonalities.
    • Match Method: Defines the matching criteria for alerts to be clustered:
      • Exact: Alerts must share an identical field value.
      • Fuzzy: Alerts match approximately based on a configured similarity percentage.
      • Pattern: Alerts must follow a specified pattern (refer to pattern matching syntax for details).
    • Similarity: Used only with the Fuzzy match method, this sets the minimum percentage of similarity required for alerts to be included in a group, with a default of 90%.

    Practical Application

    By configuring tag based alert clustering tags, ServiceNow customers can efficiently group related alerts based on specific fields, keys, or patterns. This helps reduce alert noise and enhances incident response by focusing on clusters of similar alerts rather than isolated cases. The ability to customize match methods and similarity thresholds provides flexibility to tailor alert grouping to organizational needs.

    The form for creating or modifying a tag based alert clustering tag displays detailed information about the tag.

    Table 1. Tag based alert clustering tag form
    Field Description
    Name Name of the clustering tag. Defaults to a description of the configured tag (such as, Exact match on Alert Field "metric name").

    The default name is visible only after saving the tag.

    Tag names must be unique.
    Customized name Select the check box to customize the value in the Name field.
    Domain The domain in which the current record was created. Read-only.
    Description Enter an optional description of the tag.
    Source Select the source from which to choose the field to be matched.
    • Alert field
    • Alert additional info
    • Alert CI
    • Alert CI key
    • Alert tags

    If you select Alert additional info, choose an Additional Info Key instead of a field. Alert additional info is a field on alert containing the key value pair in Jason format and we can use a specific key.

    Alert CI key: Create CMDB key values to cluster alerts based on CMDB Key Values [cmdb_key_value] table. Key values provide an additional method for determining commonalities between alert CIs.
    Selected field Indicate the field that has to match between alerts for the alerts to be included in a group.

    Appears when you select Alert Field or Alert CI in the Source field.

    If you select Alert CI in the Source field, you need to select a CMDB key. A CMDB key is assigned to the CI of the alert.
    Key Indicate the Key that has to match between alerts for the alerts to be included in a group.

    Appears when you select Alert additional info in the Source field, or appears when you select Alert tags in the Source field.

    When Alert additional info is selected, enter the name of one of the fields in the additional info field.

    When Alert tags is selected, enter the name of the relevant alert tag.
    CMDB key Indicate the CMDB key to match for the alerts to be included in a group.

    Appears when you select Alert CI Key in the Source field.
    Match method Select the type of match required for the alerts to be included in a group.
    • Exact: Indicates that the field value must be an exact match for the alert to be included in a group.

      For example, you can configure an alert clustering tag indicating that the alert's Metric name field must be an exact match to form a group. When invoking that tag, all alerts with identical values in the Metric name field are included in the same group.

    • Fuzzy: Indicates that the field value needs to be an approximate match (depending on the value configured in the Similarity field) for the alert to be included in a group.
    • Pattern: Indicates that the field value needs to follow the pattern in the Pattern field. For correct syntax and usage examples, see Pattern matching.
    Similarity Specify the similarity percentage that must be met by the alerts to be included in a group. For example, entering 50 indicates that at least 50 percent of the indicated value must appear in the alert for the alert to be included in the group.

    Appears only when Fuzzy is selected as the Match Method value.

    Default value = 90