Event Management | Setup


This video describes how to set up the ServiceNow ITOM Event Management application using the Guided Setup process. ITOM Guided Setup steps you through the process
of setting up Event Management… … including connectors and listeners to collect event
data from sources in your IT system… …event rules to process those events… …and alert rules, workflows and other remediations. You’ll need at least one ServiceNow MID
Server in your IT system to support Event Management. Watch this video to learn how to set up a MID Server. To start the setup, we’ll go to ITOM Guided Setup… …and Get Started. Guided Setup can help you set up several ITOM apps. For this demo, we’ll go straight to Event Management. The first setup task is event sources and properties. There are lots of properties related to Event
Management. For more information, read “Installed with
Event Management” in the product documentation. Once you’ve got Event Management up and
running, you can update these properties any time at Event Management>Settings>Properties. When we’re done, we’ll mark the step as
complete and go back to Guided Setup. The next task is to define connectors to pull
events from sources in our IT system. Event Management comes with connectors for
a variety of event sources. We’ll define an instance of one of these
connectors for each source in our system. We associate the connector with the source
by specifying the IP address of the source’s host. For more information, read “Configure a
connector instance” in the product documentation… …or watch “Collecting Events and Metrics”
in this video series. Next we’ll define listeners to receive events
pushed by sources in our system. On the MID Servers, we can define Web Service endpoints… …and endpoints for SNMP traps. And on the instance, we can define actions
to respond to emails from event sources. For more information, read “Connectors and
listeners” in the product documentation. Next we’ll define event rules to handle
events received by the connectors and listeners. These event rules generate alerts based on the events. In the Event Rule Designer… …we can define a filter to generate alerts for events that match certain conditions… …map fields in the event to fields in the alert… …set frequency thresholds to handle repeated events… …and bind the alert to specific CIs. For more information, read “Create event
rules” in the product documentation… …or watch “Event Rules” in this video series. Event Field Mappings let us set the values
of specific fields in the alert based on the values of specific fields in the event. Here, for example, if the value of the mnState
field in the event… …is 3… …the value of the mnState field in the alert… …is set to pending. These mappings happen after the event rules run. For more information, read “Create event
field mappings” in the product documentation. Correlation rules combine related alerts into
groups and define a primary alert. This helps IT personnel focus on the root cause. Here, if Event Management generates an alert
for high CPU use… … this rule defines a new group with this alert as the primary… …and adds to the group any alerts for high read latency… …or high memory use… …if the alerts are for the same CI or node… …and they occur within 24 hours of the primary. For more information, read “Create an alert
correlation rule” in the product documentation… …or watch “Grouping Alerts” in this video series. Finally, Guided Setup lets you define remediation actions to resolve issues identified by the events and alerts. First, we can create task templates to set
the values of specific fields when Event Management creates a record. Here…
…when Event Management creates an incident… …this template provides values for the State
and Active fields. We’ll see how task templates are applied
by alert action rules in a minute. For more information, read “Create a standard
change task template” in the product documentation. Next, we can create remediation workflows. Workflows is a big topic, so we won’t go
into detail here. For more information, read “Workflow”
in the product documentation… …or watch “Creating Service Catalog Execution
Plans and Workflows”. Next, we’ll create alert action rules to launch remediation actions based on the content of the alerts. This rule creates an incident for any alert
where the Severity is Critical. The tabs at the bottom let us specify remedial
actions to take. Remember that task template we saw earlier? This rule applies it to each incident it creates. And the workflow we saw? We could apply that or any other workflow here. For more information, read “Create or edit
an alert action rule” in the product documentation… …or watch “Alert Action Rules” in this video series. And finally, we can launch a remediation workflow
for any particular type of CI. Here, whenever the CI class is Computer… …Event Management launches the workflow
we saw earlier. Alert Rules provides the same functionality
as Alert-Based Remediations, which we saw earlier. Now that we’ve completed these three tasks,
Event Management is ready to use. And going forward, you can update any of these resources any time by updating the corresponding list or form. In our next video, we’ll look at setting
up Operational Intelligence. For more information, please consult our product
documentation, knowledge base, or podcast. Or ask a question in the ServiceNow Community.

Add a Comment

Your email address will not be published. Required fields are marked *