ServiceNow Integration

• The integration was tested with ServiceNow Kingston.

• The integration requires the Event Management plugin in ServiceNow.

• The integration uses ServiceNow REST API to post events to the em_event table. If you use custom Access Control Lists (ACL), make sure the evt_mgmt_integration role has write access to this table.

• Private Node Server locations support ServiceNow alerts starting from v. 2.1.4.

Start by creating a ServiceNow user with the evt_mgmt_integration role. AlertSite will use this user to connect to ServiceNow.

To create a user:

1. Log in to your ServiceNow instance as an administrator.

2. Navigate to System Security > Users and Groups > Users.

   Tip:	Type Users into the filter navigator to quickly find the Users module.

3. Click New to add a new user.

   

   Click the image to enlarge it.

4. Specify the user information:

   • User ID – alertsite

   • First name – AlertSite

   • Enter a Password for this user.

   • Select the Active and Web service access only check boxes.

   

   Click the image to enlarge it.

5. Click Submit.

6. Click the created user to edit it.

7. At the bottom of the screen, under Roles, click Edit.

   

   Click the image to enlarge it.

8. In the list on the left, find and select the evt_mgmt_integration role, and click to move it to selected roles.

   

   Click the image to enlarge it.

9. Click Save.

To verify that AlertSite can communicate with ServiceNow, you can send a test alert from AlertSite.

If the test alert could not be sent, double-check your ServiceNow recipient configuration in AlertSite.

You can see this test notification in Event Management > All Events in ServiceNow:

Click the image to enlarge it.

Click the image to enlarge it.

AlertSite communicates with ServiceNow via ServiceNow Event Management API. Each AlertSite monitor alert creates an event in ServiceNow Event Management. An event is defined as a notification from a monitoring tool that something has happened.

Events are uniquely identified by their message key. AlertSite generates message keys for availability and performance alerts in the following format:

ServiceNow has event rules in place that create alerts for events that are considered important. Events with the same message key (such as AlertSite monitor alerts from a particular monitor and location) are aggregated into the same ServiceNow alert.

Alerts, in their turn, automatically create incidents for someone to investigate the issue. By default, incidents are created by the built-in rule “create incidents from critical alerts”, but you can also create custom event rules and alert rules in ServiceNow.

“Clear” events from AlertSite have the same message key as error notifications, and will automatically close the corresponding alert and incident in ServiceNow. Subsequent error events with the same message key will reopen the existing ServiceNow alert (if any) but create a new incident.

Use the Service Desk > Incidents screen in ServiceNow to view the incidents created from AlertSite alerts. These incidents can be identified by Caller = Event Management and description in the format Status <code> - <description>. From there, you can assign the incident to a specific user.

Click the image to enlarge it.

In the incident details, the Related Links > Alerts panel contains a link to the ServiceNow alert that triggered this incident. The Metric Name of the alert indicates the AlertSite alert type – availability or performance (response time threshold violation).

Click the image to enlarge it.

Alerts, in their turn, contain links to individual events that correspond to AlertSite monitor alerts. Events with the same message key are all linked to the same ServiceNow alert.

Click the image to enlarge it.

Events include Additional Information containing AlertSite-specific data. For a description of these data fields, see Alert Data Fields.

Click the image to enlarge it.

The fields from Additional Information can be used in ServiceNow event rules and alert rules along with the standard fields.

Click the image to enlarge it.

By default, AlertSite alerts include just a subset of available data fields. If needed, you can create custom alert templates that include additional fields, such as monitor-specific notes ($ALERT_NOTE) or a link to AlertSite monitor run results ($STATUS_LINK). Additional data fields may be useful in ServiceNow event rules and alert rules.

AlertSite UXM

AlertSite 1.0

AlertSite UXM

To create or edit ServiceNow templates, go to Alerts > Template Editor and filter the templates by Delivery Method: Json. ServiceNow templates are labeled as ServiceNow in the Delivery Method column. There are separate templates for errors and ”clear“ notifications, for availability and performance alerts.

Click the image to enlarge it.

AlertSite 1.0

To create or edit ServiceNow templates, go to Notifiers > Notifiers and click Manage Notification Templates. There are separate templates for errors and ”clear“ notifications, for availability and performance alerts. ServiceNow templates have the following Message Type:

• Site Error via ServiceNow (JSON format)
• Site Error Clear via ServiceNow (JSON format)
• Performance Error via ServiceNow (JSON format)
• Performance Error Clear via ServiceNow (JSON format)

Click the image to enlarge it.

See Create a Template for the step-by-step instructions and Template Variables for a list of variables that can be used in ServiceNow templates.

The template contents must follow the expected format described in the ServiceNow documentation for Event collection via web service API. Custom fields may be included in additional_info.

For the custom alert templates to have effect, you will need to create a recipient group that would combine the monitors, ServiceNow recipient, and your custom templates.