ServiceNow Incident prioritization and routing with event management and event scoring

ServiceNow Incident Prioritization and Routing via Event Management


One of the key benefits of Evanios event management is the capacity for accurate ServiceNow incident prioritization and routing to the right support group. Theoretically this is an easy task, but traditional event management solutions have been struggling to get it right for decades.

ServiceNow Incident prioritization and routing – why is it complex?

Here are some of the reasons why incident prioritization and routing can be so complex:


  1. As technology gets more complex, a single application can be supported by many different (overlapping) groups. For example, the OS is supported by the system team, the database by the database team, the backup jobs by yet another group, etc. Getting the right incident to the right person (to avoid spamming the entire team) requires careful planning.
  2. Monitoring solutions cross many disciplines. As an example, SolarWinds can monitor the OS, the network and the database. Routing every event that originates from SolarWinds to the network team, or every event from New Relic to the application team, was a valid approach 10 years ago, but routing needs to be much more nuanced now.
  3. In some cases, each component of the same server needs to be routed differently. For example, a C: drive alert needs to be routed to the OS team, while a D: drive alert would be routed to the application team.


  1. Monitoring solutions tend to send alerts with similar severity regardless of the importance of the specific offending event. For example, a high CPU usage warning will have the same critical severity as an application down event.
  2. With clustering and fully redundant components, incident prioritization can be quite tricky. For example, if one side of a cluster is down, a P2 incident should be created, but if both sides of a cluster are down, a P1 incident should be created.
  3. With virtualization and instances getting created and destroyed constantly, the same “type” of failure can indicate different levels of business impact.


ServiceNow Incident prioritization and routing – Solution

The only way to solve these incident prioritization and routing dilemmas is by correlating event data with ITSM settings. Without that level of correlation, incident prioritization and routing becomes guesswork.

An enterprise-class event manager built directly on ServiceNow, Evanios Operations leverages CMDB, Incident, Problem, Change Management, Orchestration, Notify and other native processes. Consequently, this event management solution offers out-of-the-box functionality (no coding required, no separate tool to learn) that allows you to route and prioritize incidents accurately.

Let’s look at a few examples.

In our first example, the incident group is automatically populated from the CI support group. Prioritization of the CI is directly driven from the severity of the events, correlated with the CMDB settings.

[Image: ServiceNow incident prioritization, CI support group classification]

[Image: ServiceNow incident prioritization, routing]



In the second example, a D: drive event was routed automatically to the Application support group.


[Image: ServiceNow incident prioritization, CI drive]

[Image: ServiceNow incident prioritization, drive]


The other component in incident prioritization is event scoring. Evanios’ native integration to ServiceNow enriches events with their service impact, automatically scoring events for prioritization and making it easy to determine if an incident should be marked as P1, P2, P3 or P4. Events with a higher score indicate a greater impact to the business, while low-scoring events take a lower priority.


[Image: ServiceNow incident prioritization, event scoring]


In order to route incidents to the right group and set the correct priority level, your event management tool needs to leverage ITSM data to make smarter decisions. It also needs to include algorithms that automatically score events according to the impact of the failure.
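
The routing and prioritization rules described above (support group taken from the CI, a per-drive override, P2 for one cluster side down and P1 for both), written out as an added JavaScript example; it is not Evanios or ServiceNow code. The CMDB records, group names, the "Event Triage" fallback queue, the P3 default for non-outage events and the P1 for a non-clustered CI are constructed assumptions.

```javascript
// Constructed CMDB extract: every CI, group and cluster name is invented.
const cmdb = new Map([
  ["app-srv-01", {
    supportGroup: "OS Team",
    componentGroups: new Map([["D:", "Application Support"]]), // per-drive override
    cluster: "billing-cluster",
  }],
  ["app-srv-02", { supportGroup: "OS Team", componentGroups: new Map(), cluster: "billing-cluster" }],
  ["net-sw-07", { supportGroup: "Network Team", componentGroups: new Map(), cluster: null }],
]);

// Route on the CI and component, never on the monitoring tool that sent the event.
function routeEvent(event) {
  const ci = cmdb.get(event.ci);
  if (!ci) return "Event Triage"; // assumption: unknown CIs go to a triage queue
  return ci.componentGroups.get(event.component) || ci.supportGroup;
}

// Priority follows service impact, not the severity string the tool supplied.
function prioritize(event, openEvents) {
  if (event.type !== "down") return "P3"; // assumption: default for non-outage events
  const ci = cmdb.get(event.ci);
  if (!ci || !ci.cluster) return "P1"; // assumption: no redundancy behind this CI
  const members = [...cmdb.keys()].filter((n) => cmdb.get(n).cluster === ci.cluster);
  const down = new Set(
    openEvents.concat([event]).filter((e) => e.type === "down").map((e) => e.ci)
  );
  // One side down is degraded redundancy (P2); every side down is an outage (P1).
  return members.every((m) => down.has(m)) ? "P1" : "P2";
}

// Constructed sample events; all arrive from the same tool with the same severity.
const cDrive = { source: "SolarWinds", ci: "app-srv-01", component: "C:", type: "disk", severity: "critical" };
const dDrive = { source: "SolarWinds", ci: "app-srv-01", component: "D:", type: "disk", severity: "critical" };
const node1Down = { source: "SolarWinds", ci: "app-srv-01", component: null, type: "down", severity: "critical" };
const node2Down = { source: "SolarWinds", ci: "app-srv-02", component: null, type: "down", severity: "critical" };

console.log(routeEvent(cDrive), routeEvent(dDrive));
console.log(prioritize(node1Down, []), prioritize(node2Down, [node1Down]));
```
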