top of page

Understand Troubleshooting Results

Introduction | Log Analysis Form: Sections | Main | Root Cause and Remediation

IP Address Insights | ServiceNow Discovery | Credential Affinity Lookup

CMDB Lookup | IP Address Lookup | CMDB Tag Lookup

Discovery Admin Workspace - ServiceNow

Discovery Log | Device History | ECC Queue | (Pattern) SA Log History | SysIDs


Introduction


To understand the Troubleshooting Results, it is important to understand ALL the attributes on the Log Analysis Table.

These attributes are the foundation to correctly interpret the Troubleshooting Results and extend the capabilities of Discovery Admin.

The Log Analysis Table provides a 360-degree view into why an IP Address is not being discovered by ServiceNow Discovery.

Revisiting each of these attributes from the perspective of how they can be used, will transform how you contextualize the results of Discovery Admin for your ServiceNow Discovery Implementation.


EVERY Attribute on the Log Analysis Form has Hints to explain what the attribute is and how it can be used for enhancing Incident Error Codes (IECs), Dashboards, and Incident Generation.


Log Analysis Form: Sections


Attributes on the Log Analysis Form are contextually grouped and listed under multiple Sections on the form.


IMPORTANT: We recommend understanding the Hints on ALL the attributes on the Log Analysis Form corresponding to the Sections below. This is an important precursor for the enablement of Discovery Admin.



SECTION: Main (Top Section on the Form)


This section captures core attributes populated by Discovery Admin, which serve as a foundation for representing the corresponding log generated by ServiceNow Discovery.

It provides insights into the Incident Error Code, Error Code, Troubleshooting, and Scheduled Troubleshooting.


Group Attributes (v9.9)

Attributes Group 1, Group 2, Group 3, and Group 4 enable the:

  • Consolidation of multiple IECs

  • Business-Friendly Naming for IECs

  • Custom-Grouping of IECs for Reporting (for example: Discovered CIs and non-Discovered CIs) in the same Stacked Bar Graph)

These Group Attributes can be configured on the Incident Error Code Form and can have any values to support Customer Use Cases to help consolidate, override, extend, or clarify IECs, improving the overall observability and trend analysis.



SECTION: Root Cause and Remediation


This section captures the Root Cause and Remediation for why ServiceNow Discovery is failing on the specific IP Address.

It also captures a Summary of the IEC, which can be optionally configured, to provide additional context and clarity for the IEC.

The text in this section is also included in the Incident Description of Incident Generation is enabled for this IEC.



SECTION: IP Address Insights


This section captures insights for the IP Address with context to previous logs analyzed by the same Troubleshooting or previous Scheduled Troubleshooting(s).

This helps identify duplicate errors for the same IP Address, different errors on the same IP Address, IP Addresses responding to more than one protocol, and the number of consecutive times we have seen the same error on the same IP Address.



SECTION: ServiceNow Discovery


This section captures out-of-the-box attributes corresponding to ServiceNow Discovery Schedules and the corresponding Discovery Status generated.



SECTION: Credential Affinity Lookup


This section captures out-of-the-box attributes corresponding to multiple tables supporting Credential Affinity and a summary of the Credential Affinity, which is included in the Incident Description of Incident Generation is enabled for this IEC.


Use Case: Since this section highlights when the IP Address was successfully discovered, it can provide insights into if we are seeing errors due to Credential Rotation.


What is Credential Affinity:

  • Credential Affinity is a ServiceNow out-of-the-box feature.

  • Credential Affinity provides insights into which ServiceNow Discovery Credential was successfully used at this IP Address, using the same MID Server.

  • A successful ServiceNow Discovery creates a Credential Affinity record, so ServiceNow Discovery knows which credential to prioritize, the next time it attempts to discover an IP Address.

  • This significantly speeds up subsequent ServiceNow Discovery runs as it doesn't need to try other credentials configured in ServiceNow.

  • It also limits the possibility of credential lock-outs / perceived denial-of-service attacks, since there are fewer attempts of incorrect credentials.

  • Other credentials are attempted only if the credential corresponding to the Credential Affinity fails ServiceNow Discovery. In this case, a new Credential Affinity record will be created corresponding to the successful ServiceNow Discovery.

  • A Credential Affinity Record contains references to the Credential, the IP Address, the MID Server, and the Timestamp when the ServiceNow Discovery was successful.



SECTION: CMDB Lookup


This section captures insights into CI(s) in the CMDB that have the same IP Address as the one being discovered by ServiceNow Discovery. It takes advantage of the data in the CMDB which may be populated via previous runs of ServiceNow Discovery, Integrations, or Manual Imports and Updates.

The CMDB Lookup matches the IP Address populated in the IP Address attribute on the CI, enabling us to Enhance Troubleshooting Results by providing additional context for the IP Address by leveraging information already present in the CMDB.

The CMDB Lookup goes beyond the CI, providing insights into the attributes on the looked-up CI. It can also retrieve information from the Related Lists on the CI and other CIs related to this CI via CI Relationships. It can also retrieve information from CMDB Groups.

This additional information simplifies the remediation process as we have insights into what is present at the IP Address, which would otherwise be impossible to manually retrieve, at scale.


Starting in v9.9, Discovery Admin can also Track Successful Discovery, i.e., the most recent timestamp aligned with successful IP-based discovery, for that specific CI (as ServiceNow out-of-the-box attributes in the CMDB, like 'Discovery source' and 'Most recent discovery' do not accurately represent this information, especially for multi-source CMDBs)



SECTION: IP Address Lookup


This section captures insights into CI(s) in the CMDB that have the same IP Address as the one being discovered by ServiceNow Discovery.

However, the IP Address Table Lookup matches the IP Address populated in the IP Address attribute on the IP Address Table, not on the CI.

This IP Address is present on the CI Form on the IP Address Related List and via the Network Adaptor Related List.

This enables us to get insights into CIs that have MORE than one IP Address.

This additional information completely transforms the remediation process as we have insights into what is present at the IP Address, which would otherwise be impossible to manually retrieve, at scale.



SECTION: CMDB Tag Lookup (v9.9)


This section captures the following two types of Tag metadata from the Configuration Item (CI), identified via CMDB Lookup:

  • Tag (Label): Captures the tag label(s) associated with the Form Header of the referenced / looked-up CI.

  • Key Value: Captures the key‑value pairs in the Related List: 'Tag' of the referenced / looked-up CI.



SECTION: Discovery Admin Workspace - ServiceNow (v9.9)


This section retrieves the following relevant insights provided by the Discovery Admin Workspace (by ServiceNow)

  • Diagnostics Tab (Discovery Home)

This attribute provides a possible resolution of issues (if available) from within the Discovery Admin Workspace.

  • Insights Tab (Shazzam Status)

This attribute provides real-time context on active IPs, DNS details, and open ports.



SECTION: Discovery Log - ServiceNow


This section captures out-of-the-box attributes corresponding to the Discovery Log Table populated by ServiceNow Discovery.



SECTION: Device History - ServiceNow


This section captures out-of-the-box attributes corresponding to the Device History Table populated by ServiceNow Discovery.


This section also includes the attribute: Device IP Address Decimal

Device IP Address Decimal is the numeric representation of the Device IP Address. Here is how it's calculated:

Device IP Address = A.B.C.D

Device IP Address Decimal = (A*256*256*256) + (B*256*256) + (C*256) + (D)



SECTION: ECC Queue - ServiceNow


This section captures out-of-the-box attributes corresponding to the ECC Queue Table populated by ServiceNow Discovery.


Use Case: The ECC Queue Agent (MID Server) attribute in this Section can be used to highlight if we are seeing issues that are caused by a specific MID Server.


(Starting with v9.9) An XML tag is provided to the 'ECC Queue Payload' attribute to improve the readability of the large ECC Queue Payload.



SECTION: (Pattern) SA Log History - ServiceNow


This section captures out-of-the-box attributes corresponding to the SA Log History Table populated by ServiceNow Discovery.



SECTION: SysIDs


This section captures the SysID of all the tables referenced for this record, on the Log Analysis Table. The populated Reference Attributes on the Form can also be identified by the ServiceNow out-of-the-box (i) icon at the right of the Reference Field.


The Reference Attributes on the Log Analysis Form enable us to directly navigate to the Referenced Tables from the Log Analysis Table via the UI and simplify the retrieval of Attributes on the Referenced Tables.


Dot-walking to the Referenced Tables can be used for any of the use cases described above, including the use of Dynamic Filters on Dashboards for an interactive User Experience.


bottom of page