Event and Alert dashboard

Release version: Yokohama

Updated January 30, 2025

2 minutes to read

Summarize

Summarized using AI

Summary of Event and Alert dashboard

The Event and Alert dashboard in ServiceNow uses Performance Analytics to deliver real-time insights into events and alerts managed by Event Management. It highlights critical metrics such as noise reduction, alert grouping coverage, incident compression, and top alert and event sources. This dashboard helps you monitor trends, outcomes, and identify the most impacted configuration items (CIs) to enhance operational visibility and decision-making.

Show full answer Show less

Prerequisites and Access

The Event Management application must be installed.
Users need ServiceNow AI Platform roles: evtmgmtadmin or evtmgmtoperator.
To enable partial historical data, run the [PA EM] Historic Data Collection job once via Performance Analytics Data Collector Jobs.
Access the dashboard by navigating to All > AIOps Dashboards > AIOps Operational > Events and Alerts, or through the Service Operations Workspace under AIOps Dashboards.

Use Cases and Permissions

evtmgmtadmin or admin users can edit the dashboard and manage permissions.
evtmgmtoperator or admin users can view the dashboard and drill down into event and alert details to track operational trends and outcomes.

Key Metrics and Visualizations

The dashboard provides the following visual breakdowns:

Noise reduction (events to alerts compression): Line graph showing how effectively events are compressed into fewer alerts.
Alerts grouping coverage: Line graph showing the percentage of alerts grouped over time.
Incident compression rate: Line graph indicating the percentage of alerts resolved without creating incidents.
Top 20 alert sources (last 7 days): Bar chart categorizing alerts by severity and source.
Top 20 event sources (last 5 days): Bar chart categorizing events by severity and source.
Alerts without CI (last 7 days): Line graph tracking alerts that lack configuration item binding.
Alerts grouping (last 7 days): Bar chart showing distribution of grouped alerts.

Most Impacted Configuration Items

This section identifies the CIs most affected by events and alerts, showing details such as:

CI name
Number of associated alerts
Classification (e.g., application service)
Location
Owner and support group responsible

This information enables prioritization of critical assets and efficient incident resolution, helping maintain system stability and performance.

The Event and Alert dashboard uses Performance Analytics to provide real-time visibility into events and alerts in Event Management, showcasing key trends, outcomes, and the most impacted configuration items. It highlights metrics such as noise reduction, alert grouping coverage, and top alert sources.

Events and Alerts dashboard.

Run the [PA EM] Historic Data Collection job once to enable the partial collection of historical Event Management data:

Navigate to All > Performance Analytics > Data Collector > Jobs.
Select [PA EM] Historic Data Collection.
Select Execute Now.

Prerequisites

Ensure that the Event Management application is installed.

Required ServiceNow AI Platform roles

evt_mgmt_admin
evt_mgmt_operator

Access the Events and alerts dashboard

To open the dashboard, use one of the following methods:

Navigate to All > AIOps Dashboards > AIOps Operational > Events and Alerts.
Navigate to Workspaces > Service Operations Workspace and select the AIOps Dashboards icon ().
By default, the Events and Alerts tab is selected.

Use cases

For examples of how different people in your organization would use this dashboard, see these use cases.


User	Dashboard use
evt_mgmt_admin or admin	Edit the dashboard and grant view and share permissions.
evt_mgmt_operator or admin	View the dashboard and details of the records contained in it to visualize and track events, alerts, trends, outcomes, and the most impacted Configuration Items in your organization.

Breakdowns

Breakdowns available in the Event and Alert dashboard are:

Trends
Outcomes

Reports


Title	Type	Description
Noise reduction (events to alerts compression)	Line graph	The compression rate from events to alert creation. The higher the number, the fewer alerts are being created.
Alerts grouping coverage	Line graph	The percentage of alerts aggregated into grouped alerts over time.
Incident compression rate	Line graph	The percentage of alerts that did not result in incident creation. A higher percentage means more alerts were resolved without generating incidents.
Top 20 alert sources (last 7 days)	Bar chart	The number of alerts per source categorized by severity over the last 7 days.
Top 20 event sources (last 5 days)	Bar chart	The number of events per source categorized by severity over the last 5 days.
Alerts without CI (created on last 7 days)	Line graph	The number of alerts without CI binding created over the last 7 days.
Alerts grouping (last 7 days)	Bar chart	The distribution of grouped alerts over the last 7 days.

Most impacted Configuration Items

The Most Impacted Configuration Items section of the Event and Alert dashboard provides a comprehensive overview of the configuration items (CIs) that are most impacted by the issue. This section lists key details such as the name of each CI, the number of associated alerts, their classification (such as application service), and location. Additionally, it identifies the owner and support group responsible for each CI, facilitating targeted and efficient incident resolution. By highlighting the most impacted CIs, this section helps prioritize critical assets and resources, ensuring that the most significant issues are addressed promptly to maintain system stability and performance.