What is Event Management in the ServiceNow ITOM module?

Before talking about what Event Management is, we need to understand that in large companies, every device on the network is being monitored by one or more monitoring tools. The main purpose of these monitoring tools is to automatically watch these devices and if something has gone wrong or if something is about to go wrong, generate a (warning or an error) message.

These (error/warning) messages are called Events.

So why do we need Event Management? We need event management because monitoring tools are not smart. 

In a complex network where multiple devices are connected together to perform a single function, when one device fails, the monitoring tool watching it (the failed device) and the monitoring tools watching the other devices (that the failed device was working with) all start generating their own error/warning messages. Although the number of messages is big, the actual problem is just one failed device. Let's try to understand this with the example of the Customer Order System that we talked about earlier. We know that the front-end of this system is on one server. The REST API is on another server, and the Database is on a third server. Now let's suppose that the database server breaks down. The tool monitoring the database server will go crazy and start generating an error message every 60 seconds. But things won't stop there. Now because the REST API is unable to send requests to the database server, the monitoring tool that is monitoring the REST API would also start generating error messages every 60 seconds. And because the front-end would now, not be able to send requests to the REST API, the monitoring tool, monitoring the front-end server would also start generating error messages every 60 seconds. 

So now we have a huge bunch of error messages from multiple machines even though only one machine broke down. How do we make sense of these error messages and find the root cause of the error messages? 

This is what Event Management helps us with. You see, in the above scenario, each monitoring tool is generating the same error message every 60 seconds. So that's a lot of duplicate messages. Event Management would take all duplicate messages and present them as single messages to us. Then Event Management is going to use the Service Mapping to determine that the three servers, generating these error messages, actually work together to perform a single function (which is Customer Order System here). Event Management is going to use Service Mapping to also determine, that out of the three servers, which server is dependent upon which. In this case, the front-end server is dependent upon the REST API server to do its job, and the REST API server is dependent upon the database server to do its job. The database server is not dependent upon the other two to do its job though. We can sum this up by saying that the server sending the requests is the dependent server. And the server that is receiving those requests and responding to them is the provider. So, in our example, the front-end depends upon the REST API to work and the REST API depends upon the database server to work. Since the database server does not send requests to any server, it does not depend upon any other server to do its job. This means, when the database server goes down, the other servers that depend upon it to do their job also sort of go down with it and start generating error messages. Using Service Mapping, Event Management is going to determine this and get to the root of the problem i.e. the broken database server. It would deduce that because the database server, the REST server and the front-end server, all three are generating error messages, therefore the database server must be broken because the other two depend upon it to do their job. And now Event Management would trigger the Orchestration module to try to fix the database server automatically. We are going to cover Orchestration in a future post.

Just to be thorough, if the front-end server had broken down, the REST API and the database servers would not have generated any errors because they simply respond to requests from the front-end. So even if no requests come from the front-end (because the front-end server is broken), the REST server and the database server don't care and thus do not generate errors. They simply keep waiting for a request to come.

Using this "dependence" information, the Event Management module is able to deduce the root cause of the error messages.


Comments

Post a Comment

Popular posts from this blog

What are HAM and HAM Pro within ServiceNow ITAM module?

HAM stands for Hardware Asset Management. It is a sub-module of ITAM. The main purpose of HAM is to track a piece of hardware (laptop, computer etc.) throughout its entire lifecycle from procurement to retirement. The main reason for this tracking is to maximize return on investment. What does tracking mean? Tracking can involve things like, making sure that a leased piece of hardware is returned to the vendor on the due date because getting late, even by one day can give the leaser, the right to extend the lease at any price of his choice, costing the company, a lot of money. Tracking can also include making sure that a piece of hardware is retired as soon as its warranty ends because hardware failure would not only include repair/replacement cost for the company but could also cause huge data losses etc. In short, HAM is there to make sure that you're getting your money's worth. What is the difference between HAM and HAM Pro? HAM Pro is AI powered, supports mobile tools and s...
Read more

What is ServiceNow ITOM module? What are its submodules?

ITOM stands for IT Operations Management. The main purpose of ITOM is to keep an eye on the IT assets (e.g. servers, network and cloud services etc.) of a company and make sure that they remain operational by taking preventive measures to keep them from breaking down. For example, let's say, a company has a server, hosting their official website. And let's say, this server is about to run out of HDD space. ITOM is automatically going to take steps (like automatically deleting temporary files, junk files, old and out of date log file etc.) to free up space on the HDD before the server runs out of space and breaks down. ITOM would also automatically notify the concerned staff to take necessary steps from their end and solve the problem (perhaps by installing a second HDD or a newer, bigger one). In short, ITOM is there to keep an automatic eye on the IT assets of the company to make sure that they do not break down by taking preventive steps. You can think of ITOM as a problem-pr...
Read more

What are SAM and SAM Pro within the ServiceNow ITAM Module?

SAM stands for Software Asset Management. Again, the main purpose of SAM is to track the usage of Software assets to make sure that the company is getting its money's worth. Since software cost a lot of money. SAM is there to ensure that the company does not overspend on software licenses and in fact, saves money according to their software usage. For example, SAM might track a piece of software on a user's computer and finds out that it has not been used in more than 90 days. This would mean that the software is under-utilized. SAM would automatically revoke the user's license and mark it in the database as an unassigned license. So, in case some other user needs the same software, the company could simply assign that software license to this new user instead of buying a new license, thus saving money. In small companies, this might not seem like much but with companies with thousands of users, this sort of cost can add up really quick. How often does SAM check if a softwa...
Read more