**Introduction:**

In my previous article you saw how to create event rules, if you have not read that please go through it [Event Rules and Its Components](https://community.servicenow.com/community?id=community%5Farticle&sys%5Fid=577c52f9db3c9c905ed4a851ca961975). As promised in that article that i will explain CI binding in detail with some real time example in this article.

_**Why this CI binding is important?**_

* It helps in decision making for ITSM process owners if we are creating Task records like incident, problem,change,etc.
* It helps use to do analysis of Service which is impacted due to this alert.
* This also helps us to decide impact on other components of the application service.
* Also help us to go Alert aggregation and grouping.
* Last but not the least, if i want to do auto remediation like Orchestration then it helps us to get required details like IP address from the CI record.

So to achieve all this important point we are going to see few important use case for CI binding. Before we go to this i would like to tell you that i am going to use manually created application service. You can also convert existing business server to application service using this link:

This is important to understand the impact of the alert and how it is shown on Operator Workspace which will helps teams to make decision faster and work on multiple alerts quicker. So below is the Service which i created for this article:

_Note: I will be talking about Impact rules and impact tree in my next articles. Here is will be just showing the impact on upstream CIs when alert is generated on child CIs._

**Use Case:**

**1- CI Binding Using CI Host Name**

To test this we are going to use Postman to create event into ServiceNow. So to start with i am going to create alert on exitest01 ESXi host. You can also see in below sections that how the impact is highlighted when we create a alert on this host by using color codes.

* **JSON :**

{
“source”: “Testing”,
“description”: “We are Learning Event Management!”,
“message\_key”: “ESX-21may2020”,
“severity”: “2”,
“resource”:”Splunk”,
“type”: “Demo”,
“node”:”esxitest01″
}

* **Event Rule:**

This is explain in depth in my previous article for Event Rules. I just want to show here that this rule is used for this user case. Simple node to node mapping with host name.

* **Event Created:**

* **Service Map, Alert and its impact:**

Below image shows how the impact is propagated up when there is alert on Child CI’s.This is an operator workspace view which is very handy to deal with alerts and see CI and its impact.

* **YouTube Video Link:**

**2-CI Binding Using IP address**

In this case we are going to use the IP address of Windows Server (**WINSV-DAL-6006**) i.e. 37.200.246.144\. We are going to use the same event rule only the difference is instead of hostname in node field we are going to pass the IP address.

* **JSON:**

{
“source”: “Testing”,
“description”: “We are Learning Event Management!”,
“message\_key”: “Win-21may2020”,
“severity”: “2”,
“resource”:”Splunk”,
“type”: “Demo”,
“node”:”37.200.246.144″
}

* **Event created:**

Below is the screenshot which shows the processing note of event which proves that it has used IP address for CI binding. To see them you need to open event and go to processing note. This also shows which event rule was applied to create an alert out of it.

* **Service Map, Alert and its Impact:**

So here you can see that the Application Web Server and Database Server are impacted as they are running on this windows Server but the esxi host is not impacted because the ESXi does not depends on this windows Server. But in previous example you saw it the ESXi host is impacted then all Windows Server running on that ESXi host gets affected.

* **YouTube Video Link:**

**3-CI Binding using Host name from Description field**

In this use case we are going to see how to fect the host name from description field on event using regular expression and do CI binding. This event rule is explained in detail in my previous article so please go through it. Also note that we can also fetch mac address , ip address, fqdn name from the description field and do CI binding same as below.

* **Event Rule :**

* **JSON:**

{
“source”: “TestingFive”,
“description”: “Out of Space : Win-2020”,
“message\_key”: “Win20-21may2020”,
“severity”: “2”,
“resource”:”Splunk”,
“type”: “Demo”,
“node”:””
}

* **Event and Processing Notes:**

In above screen shot i have highlighted the description field which has node value in it, also the next field node is empty and last is alert generated for this event. Below are processing notes:

This image shows the name of event rule used and CI is binded using node name and which was fetched from description.

* **Service Map, Alert and its Impact:**

* **YouTube Video Link:** [https://youtu.be/aN7c\_1dzrE0 ](https://youtu.be/aN7c%5F1dzrE0)

**Concluding Comments:**

We saw how to use event rules to bind CI and how CI binding is possible using Hostname, IP Address and description field to fetch CI name. If you want to do binding using FQDN, Mac Address then it is possible with above use case for Hardware CIs only. As i don’t want to make this article to big i am splitting it into two parts. Here we saw CI binding for hardware CIs and with default CI binding mechanism. In all above event rule below was the binding section. But there are other use case with me which has to do binding with Web Servers applications and database servers,etc. In next article we will see how to do that in detail.

If you need to know something more about event rule and CI binding please comments and give suggestions if any.

**Thanks and Regards,**
**Ashutosh Munot**

**[ServiceNow MVP 2019/2020](https://community.servicenow.com/community?id=community%5Fblog&sys%5Fid=fb488720dbaacc504819fb2439961900)**

**[My Article and Blogs](https://community.servicenow.com/community?id=community%5Fuser%5Fprofile&user=2a131665db1c1fc09c9ffb651f9619fb)**

**[YouTube Channel](https://www.youtube.com/channel/UCf7bnvR3MOiJN5tDxLZPNuw?view%5Fas=subscriber)**