Performing real-time updates to tags for cloud resources
This feature enables ServiceNow customers to perform real-time updates to tags on cloud resources by processing cloud events and applying tag policies immediately. This capability ensures that configuration items (CIs) in the CMDB reflect the most current tag information, improving accuracy and governance for cloud assets across providers like Amazon AWS, Microsoft Azure, and Google Cloud.
Prerequisites
- The Cloud events table ([sn_cmp_cloud_events]) must not contain any records in the processed state.
- CIs affected by tag changes must be identified through either CAPI or Discovery and Service Mapping patterns.
- At least one tag policy must be configured with the Run on cloud events checkbox selected to enable real-time processing.
Setup and Configuration
To enable real-time tag updates, configure cloud event processing specific to your cloud provider:
- Set up Amazon AWS Config service to auto-update the CMDB.
- Configure Microsoft Azure Alert service for CMDB updates.
- Enable Google Cloud's Operations Suite Logging service for CMDB updates.
This setup allows the system to detect tag change events per CI and execute the appropriate tag policies only on impacted CIs, rather than performing audits on all CIs.
Tag Event Processing Behavior
- Tag audits are triggered only for CIs with detected tag change events if the tag policy’s "Run on cloud events" option is enabled.
- The Tag Change Log ([sn_itom_tag_change_log]) table records the change type and details of tag additions or updates, storing records for 90 days by default.
- Change log entries are created regardless of whether changes resulted from remediation runs or event triggers.
Performance Optimization
High volumes of tag change events or many tag policies can impact system performance. Customers can tune these system properties to manage processing load effectively:
- sn_itom_tag.azure_window_size: Defines the time window in minutes for processing events.
- sn_itom_tag.max_audit_lag_ratio: Controls the allowable lag between running tag audits before triggering new audits.
- sn_itom_tag.policy_batch_size: Sets the batch size for tag audits execution.
- sn_itom_tag.event_batch_size: Determines the batch size for processing events.
Adjusting these properties helps maintain acceptable performance during periods of high event inflow or complex tag policy configurations.
You can set up cloud events processing and map a tag policy to update tags for cloud resources in real time.
Prerequisites
- The Cloud events [sn_cmp_cloud_events] table does not have any records in the processed state.
- CIs impacted by tag change events are identified by either CAPI or Discovery and Service Mapping patterns.
- At least one tag policy is configured.
- Select the Run on cloud events check box in the tag policy you create.
Instructions depend on the cloud provider
Process cloud events related to changes in tags and execute tag audits on the events in real time.
Unlike regular tag audits, where the audit is performed on all CIs in the CMDB that the tag policy applies to, tag events are processed per CI. Based on the prerequisites, tag event processing occurs on events that are identified with a tag change. The impacted CI is identified and, if the associated policy is applicable to the CI, the tag policy is run on the identified CI.
If the Run on cloud events check box is selected during policy creation, the policy is selected to run an audit on tag change events. If the check box is cleared, the audit is not run on the CI even if there are tag change cloud events.
View the change type that applies to the tag (the change that triggered the audit) in the Tag Change Log [sn_itom_tag_change_log] table. The records in the table are stored for 90 days by default. The change log records appear whether a remediation run or an event triggered the change on the CI. You can also view tags that were added or updated as part of the change.
Optimizing performance
- [sn_itom_tag.azure_window_size] - This system property is configurable (in minutes).
- [sn_itom_tag.max_audit_lag_ratio] - Specify the lag between tag audits that are already running, before the audit triggers on the records ready for audit.
- [sn_itom_tag.policy_batch_size] - Batch size on which the tag audit is run.
- [sn_itom_tag.event_batch_size] - Event batch size to be processed.