Last modified on November 6, 2019

ServiceNow is an enterprise service management (ESM) platform that helps companies automate their business processes. AlertSite integration with ServiceNow lets you automatically create incidents in AlertSite when alerts are triggered in AlertSite. Once an alert clears, the corresponding ServiceNow incident is automatically closed.

Considerations

  • The integration was tested with ServiceNow Kingston.

  • The integration requires the Event Management plugin in ServiceNow.

  • The integration uses ServiceNow REST API to post events to the em_event table. If you use custom Access Control Lists (ACL), make sure the evt_mgmt_integration role has write access to this table.

  • Private Node Server locations support ServiceNow alerts starting from v. 2.1.4.

Create an integration user in ServiceNow

Start by creating a ServiceNow user with the evt_mgmt_integration role. AlertSite will use this user to connect to ServiceNow.

To create a user:

  1. Log in to your ServiceNow instance as an administrator.

  2. Navigate to System Security > Users and Groups > Users.

    Tip: Type Users into the filter navigator to quickly find the Users module.
  3. Click New to add a new user.

    ServiceNow: Users screen

    Click the image to enlarge it.

  4. Specify the user information:

    • User ID –alertsite

    • First name – AlertSite

    • Enter a Password for this user.

    • Select the Active and Web service access only check boxes.

    ServiceNow: Creating a user

    Click the image to enlarge it.

  5. Click Submit.

  6. Click the created user to edit it.

  7. At the bottom of the screen, under Roles, click Edit.

    ServiceNow: Edit user roles

    Click the image to enlarge it.

  8. In the list on the left, find and select the evt_mgmt_integration role, and click Add to move it to selected roles.

    ServiceNow: Adding the evt_mgmt_integration role to the user

    Click the image to enlarge it.

  9. Click Save.

Create ServiceNow alert recipient in AlertSite

AlertSite UXM

  1. Go to Alerts > Alert Recipients and click New Recipient.

  2. Fill in the fields:

    • Name – Give this recipient a name, for example, ServiceNow.

    • Recipient – Copy and paste the following URL, replacing <instancename> with your ServiceNow subdomain:

      https://<instancename>.service-now.com/api/now/table/em_event

    • Mode – Change to ServiceNow.

    • User and Password – Enter the username and password of the integration user you created in ServiceNow.

    Creating a ServiceNow alert recipient
  3. Click Add. Additional settings appear.

  4. Select Notify when the error has cleared to automatically close incidents in ServiceNow when an error condition clears in AlertSite.

    Parameters of a ServiceNow recipient

    Click the image to enlarge it.

  5. Configure other alerting settings as required. For a description of available settings, see Editing Recipients.

  6. Click Save to save the recipient configuration.

AlertSite 1.0

  1. Go to Notifiers > Notifiers and click Add Notifier.

  2. Fill in the fields:

    • Description – Give this recipient a name, for example, ServiceNow.

    • Send a(n) – Select ServiceNow.

    • To – Copy and paste the following URL, replacing <instancename> with your ServiceNow subdomain:

      https://<instancename>.service-now.com/api/now/table/em_event

    • Username and  – Enter the username and password of the integration user you created in ServiceNow.

  3. Select the Notify me when the error has cleared check box.

    Parameters of a ServiceNow recipient

    Click the image to enlarge it.

  4. Specify other alerting settings as required. For a description of available settings, see Editing Recipients.

  5. Click Submit in the top right corner.

Test the integration

To verify that AlertSite can communicate with ServiceNow, you can send a test alert from AlertSite.

AlertSite UXM

  1. In Alerts > Alert Recipients, click next to the ServiceNow recipient.

  2. Under Send Test Notification, select a location from the list and click Send.

    Sending a test alert to ServiceNow
  3. You should see Test notification below successfully generated!

AlertSite 1.0

  1. In the ServiceNow recipient configuration, under Test Notifier, select a location from the list and click Send a test notification from.

    Testing ServiceNow integration
  2. You should see Test message successfully generated.

If the test alert could not be sent, double-check your ServiceNow recipient configuration in AlertSite.

You can see this test notification in Event Management > All Events in ServiceNow:

A test event in ServiceNow

Click the image to enlarge it.

Note: “Send test notification” generates a “clear” event in ServiceNow which will not trigger alerts or incidents.

How the integration works

AlertSite integrates with ServiceNow

Click the image to enlarge it.

AlertSite communicates with ServiceNow via ServiceNow Event Management API. Each AlertSite monitor alert creates an event in ServiceNow Event Management. An event is defined as a notification from a monitoring tool that something has happened.

Events are uniquely identified by their message key. AlertSite generates message keys for availability and performance alerts in the following format:

AlertSite-{MONITOR ID}-{MONITOR NAME}-Availability-{LOCATION}-Availability

AlertSite-{MONITOR ID}-{MONITOR NAME}-Performance-{STEP NAME}-{METRIC}

ServiceNow has event rules in place that create alerts for events that are considered important. Events with the same message key (such as AlertSite monitor alerts from a particular monitor and location) are aggregated into the same ServiceNow alert.

Alerts, in their turn, automatically create incidents for someone to investigate the issue. By default, incidents are created by the built-in rule “create incidents from critical alerts”, but you can also create custom event rules and alert rules in ServiceNow.

“Clear” events from AlertSite have the same message key as error notifications, and will automatically close the corresponding alert and incident in ServiceNow. Subsequent error events with the same message key will reopen the existing ServiceNow alert (if any) but create a new incident.

View incidents, alerts and events in ServiceNow

Use the Service Desk > Incidents screen in ServiceNow to view the incidents created from AlertSite alerts. These incidents can be identified by Caller = Event Management and description in the format Status <code> - <description>. From there, you can assign the incident to a specific user.

AlertSite alert data in ServiceNow events

Click the image to enlarge it.

In the incident details, the Related Links > Alerts panel contains a link to the ServiceNow alert that triggered this incident. The Metric Name of the alert indicates the AlertSite alert type – availability or performance (response time threshold violation).

ServiceNow incident: Related Links

Click the image to enlarge it.

Alerts, in their turn, contain links to individual events that correspond to AlertSite monitor alerts. Events with the same message key are all linked to the same ServiceNow alert.

ServiceNow alert: event links

Click the image to enlarge it.

Events include Additional Information containing AlertSite-specific data. For a description of these data fields, see Alert Data Fields.

AlertSite alert data in ServiceNow events

Click the image to enlarge it.

The fields from Additional Information can be used in ServiceNow event rules and alert rules along with the standard fields.

ServiceNow event rule configuration

Click the image to enlarge it.

(Optional) Customize AlertSite alert templates

By default, AlertSite alerts include just a subset of available data fields. If needed, you can create custom alert templates that include additional fields, such as monitor-specific notes ($ALERT_NOTE) or a link to AlertSite monitor run results ($STATUS_LINK). Additional data fields may be useful in ServiceNow event rules and alert rules.

AlertSite UXM

To create or edit ServiceNow templates, go to Alerts > Template Editor and filter the templates by Delivery Method: Json. ServiceNow templates are labeled as ServiceNow in the Delivery Method column. There are separate templates for errors and ”clear“ notifications, for availability and performance alerts.

AlertSite alert templates for ServiceNow

Click the image to enlarge it.

AlertSite 1.0

To create or edit ServiceNow templates, go to Notifiers > Notifiers and click Manage Notification Templates. There are separate templates for errors and ”clear“ notifications, for availability and performance alerts. ServiceNow templates have the following Message Type:

  • Site Error via ServiceNow (JSON format)
  • Site Error Clear via ServiceNow (JSON format)
  • Performance Error via ServiceNow (JSON format)
  • Performance Error Clear via ServiceNow (JSON format)
AlertSite alert templates for ServiceNow

Click the image to enlarge it.

See Create a Template for the step-by-step instructions and Template Variables for a list of variables that can be used in ServiceNow templates.

The template contents must follow the expected format described in the ServiceNow documentation for Event collection via web service API. Custom fields may be included in additional_info.

For the custom alert templates to have effect, you will need to create a recipient group that would combine the monitors, ServiceNow recipient, and your custom templates.

See Also

AlertSite Integrations
Alerts

Highlight search results