Viewing an alert group analysis by Now Assist in Express List

  • Release version: Yokohama
  • Updated January 30, 2025
    Summarized using AI
    This content was generated using new OpenAI-powered functionality. Results are provided on an as is basis and are not guaranteed to be accurate or complete.

    Summary of Viewing an alert group analysis by Now Assist in Express List

    Now Assist in Express List uses AI-driven analysis to provide clear, human-readable insights into alert groups within ServiceNow Event Management. This analysis explains why alerts were correlated, describes the nature of the alert group, and offers technical details to streamline investigation and remediation efforts.

    Alert Group Types Supported

    • Tag-based alert groups: Alerts sharing common tags indicating similar impacted systems or services. Analysis highlights shared tags, reasons for grouping, and suggests remediation actions based on tag similarities.
    • CMDB alert groups: Formed when alerts relate to Configuration Items (CIs) with close topological relationships in the CMDB. Analysis explains group formation, CI relationships, and guides focus for investigation.
    • Log Analytics alert groups: Groups alerts related through time, metadata, message text, and trends, based on Health Log Analytics anomaly data and alert details. Analysis provides anomaly insights and alert context.
    • Network Traffic-based alert groups: Groups alerts by analyzing network traffic connections between processes using ML Service Mapping. Analysis describes alerts and their interconnections.
    • Mixed alert groups: Combines multiple grouping strategies (e.g., CMDB and tag-based) to enhance correlation accuracy, reduce noise, and identify root causes.

    Practical Application

    ServiceNow customers can view the Now Assist AI-generated analysis directly in Express List for any alert group type. This enables faster, more informed decisions by providing both simplified descriptions and detailed technical context.

    Additionally, alert descriptions within alert groups or individual alerts can be updated with the AI-generated summaries, improving clarity and aiding communication during incident management.

    View an analysis of alert groups in Express List, generated by Now Assist using AI. The analysis helps you better understand the nature of the alert group, why the alerts in the group were correlated, and how to proceed in the remediation process.

    The AI-driven alert group analysis offers a simplified, human-readable description of the group and technical information to help you investigate it more efficiently. The information provided is based on descriptions and Configuration Item (CI) details relating to the individual alerts in the group. Alert group analysis is supported for the following alert group types:

    Tag-based alert groups
    Tags help categorize alerts based on common attributes, such as impacted systems or services. Alerts in tag-based alert groups share certain tags, indicating similarities in the issues. The alert analysis for these groups presents the shared tags that were used to correlate the alerts in the group. It also provides insights into why these alerts were grouped. In addition, the analysis offers suggestions for a course of action based on the similarities between the tags.
    CMDB alert groups
    When an alert is created on a CI in the Configuration Management Database (CMDB), Event Management looks for alerts on other CIs that are closely related to it in the CMDB topology. A close topological relationship between CIs suggests an interdependence between components in the IT infrastructure and contributes to alert correlation. When a relationship between CIs is found, a CMDB alert group is formed. The alert analysis for CMDB alert groups explains the nature of the group and why it was formed, and the relationships between the CIs. It also provides technical information to help you decide on which alerts to concentrate your investigation.
    Log Analytics alert groups
    When Event Management identifies multiple Log Analytics alerts that are related in important ways, it groups them into a Log Analytics group. The system generates a Log Analytics group when the Log Analytics alerts share one or more relationships related to time, metadata, message text, and trend. The alert analysis for Log Analytics alert groups is based on the analysis of anomaly information provided by Health Log Analytics, and on the descriptions, CIs, and tags of the alerts in the group.
    Network Traffic-based alert groups
    The Network Traffic-based alert grouping method groups alerts by analyzing network traffic connections between processes across hosts. It leverages service candidates identified by ML Service Mapping to group the alerts. Alert analysis for network traffic-based alert groups gives a description for all the alerts in the group and the connections between them.
    Mixed alert groups
    The Mixed grouping method combines alerts using multiple grouping strategies, such as those used in CMDB alert groups and tag-based groups, in a single, cohesive group. This method leverages the strengths of each strategy to reduce alert noise, improve alert correlation, and highlight the true root cause of incidents.