How to Integrate Event Management Systems Effectively

Event Management :

ServiceNow’s Event Management is a critical component of IT Operations Management (ITOM) ServiceNow Event Management is a robust application that helps keep our IT systems healthy by spotting problems quickly and fixing them. It collects events from different sources, figures out what’s causing the issues, and converts them into alerts. These alerts are then analyzed, grouped, and acted upon to resolve issues and maintain system health.  

To activate the Event Management plugin (com.glideapp.itom.snac), a separate subscription is required, and activation must be performed by ServiceNow personnel. This plugin includes demo data and activates related plugins if they are not already active.  

Integration with Event Management :

Create cases proactively from alerts either manually or through automation. Track the accounts and health status of the corresponding install base items affected by the alert to better correlate customer issues and provide faster responses. 

Customer Service Management provides an integration with the Event Management console in IT Operations Management, which enables us to improve the customer experience by breaking down the silos that exist between the processes and systems used by front line customer service and back-office operations teams. By monitoring issues and creating cases proactively, we can be one step ahead of your customers and solve issues faster. 

Network Operations Center (NOC) operators monitor alerts from the Service Operations Workspace.  
When alerted to a service disruption, they can identify the accounts and corresponding install base items affected and create a case for customer service to review. Customer service can view the customers affected and notify them. 

Customer service agents and managers can also track the service health status of install base items for an account to provide faster and more accurate support to customers.

1. What is Event Management :

Replace event noise with insights and clarity driven by generative AI (GenAI).  
Identify issues before they can affect users, with simple, actionable alerts. 

Businesses rely on IT operations to deliver mission-critical services and resources. However, because of disjointed monitoring technologies that produce compartmentalized streams of data, keeping an eye on the condition of these services and resources can be difficult. Manually correlating this data can be noisy and time-consuming, frequently producing thousands of events that might not be relevant to business.  

Maintaining all resources, such as cloud instances, serverless infrastructure, network infrastructure, and storage, is daunting. Teams are left to manually correlate this information to understand what is happening and then struggle to assess the business impact. Consider a scenario where it takes hours to find the issues impacting an application and even more hours identifying the root cause problem, leading to countless unproductivity.

Event Management brings events captured by existing monitoring tools into ServiceNow for consolidation, analysis, and action. Events are then processed through filters that normalize and de-duplicate the incoming event stream to generate alerts, reducing event noise significantly. The event correlation is done using machine learning and AI techniques. Generative AI helps simplify complex alerts, presenting the issue and analysis with easy-to-understand text that helps reduce time to diagnose and triage.  

In addition to traditional monitoring, ServiceNow Cloud Observability helps ingest cloud-native telemetry, enhancing the operations team’s ability to monitor service issues for the modern and distributed stack.

Benefits of Event Management :

• Improve service availability 
  Cut event noise with AIOps. Quickly identify issues so you can reduce service outages. 
• Identify the root cause 
  Turn events into actionable alerts with automated analysis for probable root cause. 
• Simplify alerts 
  Summarize and analyze jargon-heavy and vague alert descriptions with help from generative AI. 
• Revitalize your existing tools 
  Consolidate events from current monitoring tools, reducing alert noise and service impacts. 

Features of Event Management: 

• Noise reduction and alert correlation 
  Reduce event noise and simulate actions with an intuitive UI. 

• Alert insight 
  Simplify alert context using GenAI and get to the root cause faster. 

• Service Health 
  Manage incidents proactively with clear visibility when services are at risk. 

• Automated Remediation 
  Optimize everyday tasks and issues with ServiceNow workflows. 

2. Event Management Architecture: 

The Event Management Architecture in ServiceNow is designed to monitor and manage IT infrastructure and services by collecting, processing, and responding to events generated by different monitoring systems, tools, and devices. The architecture leverages several components to process these events and provide actionable insights. 

Key Components of Event Management Architecture :

The key components of ServiceNow’s event management architecture include alert correlation, service health, and automated remediation.  

Key components :

• Alert correlation: Reduces event noise and simulates actions  

• Alert insights: Uses GenAI to simplify alert context and get to the root cause faster  

• Service health: Manages incidents proactively with visibility when services are at risk  

• Automated remediation: Optimizes everyday tasks and issues with ServiceNow workflows  

• Event monitoring: Generates alerts from events captured by third-party monitoring software  

• Event integration: Uses HTTP templates to push events to the ServiceNow Events API  

• Service mapping: Helps in incident management by finding the problem’s origin  

• Reporting and analytics: Can be extended to other business functions, such as human resources, finance, and project management  

Benefits :

ServiceNow’s event management helps organizations maintain and monitor the health of their infrastructure. It also helps identify and resolve issues before they impact business operations.  

Flow of Events in ServiceNow Event Management :

Event Management collects, analyzes, and converts events into alerts, enabling efficient tracking and remediation. 

• Event Management receives external events and generates alerts based on event and alert management rules. Events are sent directly to your instance via email server, script, SNMP trap, or web service API. The corresponding alerts appear on dashboards for tracking and remediation purposes. 

• As the computer, software, or service generates events, the MID Server polls the external event tracking tool. The MID Server, maintaining a connection to Event Management, sends the information to your instance for storage, processing, and remediation. 

• The instance stores events in the Event [em_event] table and attempts to generate alerts based on predefined rules and event mappings. Regardless of whether an alert is generated, the original event is available for review and remediation. Alerts are generated according to the following process flow. 

Match Event Rule:  

Find the best matching event rule for an event. A rule is matched if the source of the event matches the source specified in an existing rule. Additionally, a rule is matched if the event matches the optional rule filter, and the event additional_info value matches the rule Additional Information filter. A rule without any filter is ignored, such as when the source filter or Additional Information filter is missing. If multiple rules are defined for the same type of event, use the rule order to determine the sequence of rule application.

Ignore Rule:  

If the rule Ignore check box is selected, no alert is generated. However, the event is still available for review and remediation.

Apply Transforms: 

• If transforms have been defined, apply them. 
• If compose parameters are set, apply the additional content to display to the user in the alert. 

Threshold Accumulation:

If Active in the threshold section is selected, accumulate all events until the threshold is met, then generate a single alert for the events. 

Event Field Mapping :

• Search for an event field mapping even if there was no event rule. 
• If an event field mapping is found, apply the mapping information. 
• If the event has no severity after the event transformations, retain the event for reference purposes and do not generate an alert.

Alert Generation :

• Search the Alert [em_alert] table for a matching message key. 
• If a matching message key exists, update the alert according to the event information. 
• If a matching message key does not exist, create an alert. 
• If another event has the same matching key, associate the events under a single alert. 
• For root cause analysis purposes, bind the alert to a specific Configuration Item (CI). 

ServiceNow Event Management provides a comprehensive framework for handling events in an IT environment. It offers automated event collection, processing, and correlation, which helps reduce manual intervention and improve incident response times. It creates a more efficient and proactive system for managing IT health and service availability by integrating with monitoring tools and other IT operations modules. 

3. Configuring Event Management :

Event Management administrators run events, manage and track alerts, collect alerts, and operate review and monitor services status using the Operator Workspace service monitor. 

The Operator Workspace service monitor is used by event management administrators to oversee events, manage and track alerts, aggregate alerts, and review and track the status of services.  
Operators of event management locate alerts, examine them, and take appropriate action to address the root cause. 

Request Event Management :

Event Management plugin (com.glideapp.itom.snac) requires a separate subscription and must be activated by ServiceNow personnel. This plugin includes demo data and activates related plugins if they are not already active.  

Set up Event Management :

The ServiceNow Store offers the most recent versions of the Event Management application (com.glideapp.itom.snac). Check for updated app versions on a regular basis in the ServiceNow Store.  

Boost the effectiveness of event management :

The Event Management Accelerator plugin ensures that Event Management maintains performance at a high level. You can choose not to use this plugin.

 

Setting up Event Management :

Configure Event Management so that it collects and processes events and can create and monitor alerts.  

Domain separation and Event Management :

Event Management supports domain separation. With domain separation, you can segregate data, processes, and administrative tasks into logical groupings known as domains. You have control over several aspects of how this separation operates, such as which users get to view and access data.  

Event Management Integrations :

An event is an alert from one or more monitoring tools that something of interest has happened, like a log message, warning, or error. 

Event forwarding :

Speed the event processing test life cycle by forwarding a series of events from your ServiceNow production instance to your non-production instance. 

Processing Events :

Event processing refers to the activity of receiving events or streams of events, processing them and triggering automatic action. The activity involves viewing events, event binding, event rules and event field mapping. 

Manage and monitor alerts :

An alert is a notification for selected events that are important and require attention. Event Management generates alerts based on event rules.

Application services in Event Management :

An application service is a set of interconnected applications and hosts which are configured to offer a service to the organization. 

View Event Management license usage :

Event Management is licensed based on the number of CIs bound to alerts during the last year. For alerts that are not bound to CIs, the system calculates the number of nodes (servers) that can send events to the instance directly or through a third-party monitoring tool during the last year. 

4. Event Field Mapping Configuration :

ServiceNow’s Event Management allows you to map event fields to alert fields to transform incoming events into actionable alerts while maintaining accuracy. This field mapping is necessary for normalizing data coming from other monitoring sources and for maintaining consistency within your IT operations. 

How to Configure Event Field Mapping: 

Access the Event Field Mapping Module:  

• Navigate to the Event Management application. 
• Click on ‘Event Field Mapping’ to see existing mappings or create new ones. 

Create a New Mapping: 

• Click the ‘New’ button to define a new event field mapping. 
• Enter the event field you want to map and the corresponding alert field. 
• Define any necessary transformation rules or conditions to ensure accurate data mapping. 

Save and Test: 

• After the mapping configuration, save the changes. 
• Test the mapping by generating events to ensure that they are properly transformed into alerts as desired. 

For detailed instructions and best practices, refer to the official ServiceNow documentation on Event Field Mapping. 

Correct configurations in event field mappings can enable higher accuracy and efficiency in the management of our IT operations through accurate information to trigger an alert through events received. 

5. Configure Pull and Push Connectors :

  In ServiceNow’s Event Management, connectors enable integration with external monitoring tools and data sources. Connectors work in two primary modes: pull and push. 

Pull Connectors: ServiceNow periodically fetches event data from external sources. 

Push Connectors: External systems send event data to ServiceNow, either directly to the instance or through a MID Server. 

Configuring a Pull Connector: 

 Role required: evt_mgmt_admin 

Navigate to Connector Instances: 

• Go to All > Event Management > Integrations > Connector Instances. 

Create a New Connector: 

• Click on New 
• Enter necessary fields that give information like a connector definition, MID Server when applicable, and connection parameters. 

Set Collection Schedule: 

• Define how frequently ServiceNow shall collect data from the external source 

Save and Test: 

• Save the configuration 
• Test the connector for correct retrieval of events. 

Configuring a Push Connector:  Role required: evt_mgmt_admin 

Setting Up a Listener: 

• Set up the listener at the ServiceNow instance or a MID Server where the listener will listen for incoming events. 

Configure Connector Parameters: 

• Provide details such as how the events will be formatted, what authentication methods shall be implemented, and what parsing rules are required. 

Configure the External System: 

• Ensure that event data will be routed to this endpoint by configuring the external monitoring tool. 

Save and Test: 

• Save the connector configuration. 
• Send test events from the external system to test that they are received and processed in ServiceNow. 

Configuration of pull and push connectors must ensure seamless integration between ServiceNow and our external monitoring systems, enabling efficient event management and response. 

6. Configure SNMP traps listener to receive OEM traps 

To configure the SNMP traps listener in ServiceNow to receive Oracle Enterprise Manager (OEM) traps, follow these steps: 

Access the SNMP Trap Listener Configuration: 

• Go to the Event Management application in your ServiceNow instance. 
• Find and click on the ‘SNMP Trap Listener’ module. 

Define the OEM Trap Listener: 

• Click on ‘New’ to create a new SNMP trap listener configuration. 
• Give the listener a meaningful name, like ‘OEM Trap Listener’. 
• Provide the IP address and port number on which the SNMP traps are to be received. Ensure this is configured as in your OEM setup. 

Configure SNMP Community Strings: 

• Enter the appropriate SNMP community strings for authenticating incoming traps. 
• Verify that the community strings match what was configured in your OEM environment. 

Map OEM Traps to ServiceNow Events: 

1. Create event rules to process incoming OEM traps. 

2. Map specific trap OIDs (Object Identifiers) to match event fields in ServiceNow. 

3. This mapping ensures that information from OEM traps is represented correctly within ServiceNow events. 

Testing: 

With the listener and mappings in place, send some test traps from your OEM system to ensure they are received and processed correctly within ServiceNow. 
Monitor the Event Management dashboard to ensure the traps are generating the expected events and alerts. 

Thank you for taking the time to read our content! We appreciate your interest in SotioTech and look forward to helping you achieve your IT service management goals with our ServiceNow solutions. If you have any questions or need assistance, feel free to reach out to us through our page www.sotiotech.com and our pages. Stay connected with us on LinkedIn for the latest update.