In our previous blog we explored how to send Aria Operations Alerts to ServiceNow as Incidents, but we weren't able to populate the Configuration Item (CI) of Incidents, which is potentially the most important field available. So, how are we going to do that, Webhooks!
Go to Configure - Alerts - Payload Templates and create a new one, mine looks like this.
The most interesting part of this is the payload itself:
The list of Parameters available is on the far right, I'm using 8 total to populate my payload, these map Operations Alert variables to ServiceNow Incident fields. To get the ServiceNow Incident field names you can explore the Incidents table itself.
Selecting the Column Label will give you the details, for example the Column name for Caller is actually "caller_id".
You can do this to map all available parameters in your payload, the most important in our case is cmdb_ci which we fill with the $RESOURCE_NAME variable of the Operations Alert. Looking closely, our payload looks like this.
Now that we have our payload template, let's setup our Webhook Notification, go to Configure - Alerts - ADD, mine looks like this.
I'm using the ServiceNow Incident API endpoint documented here in my Url.
Next let's create a Notification Rule to use our Webhook method and the Payload Template we created previously. Go to Configure - Alerts - ADD to create your Notification Rule, mine looks like this.
Once triggered, we now have our CIs!
Now, in order to update/cancel these later, we'll need the AlertID in the Short Description field, so let's add it.
This adds the Alert Definition and Alert ID to the Short Description field of the Incident, which we will use later on to cancel that same Incident. So now when the Operations Alert triggers a ServiceNow Incident will be opened like this.
Now to cancel this Incident we will use the ServiceNow Plugin along with a Notification Rule that looks like this.
This tells Operations to update the ServiceNow Incident with State=8, which is Canceled. Let's test it, just to confirm, these are the only two Notification Rules currently enabled.
As you can see, we open the ServiceNow Incident with the Webhook and cancel it with the Plugin, let's test. Here are my Operations Alerts on the top and corresponding ServiceNow Incidents on the bottom.
Now let's cancel those Operations Alerts and see what happens with the ServiceNow Incidents.
There we have it! The Operations Alerts were canceled on the top (indicated by the dimmed lightbulb and Status of Inactive) which in turn canceled the corresponding ServiceNow Incidents.
The Aria Operations and ServiceNow integrations are very powerful, in our next blog we'll explore ServiceNow Events based on Aria Operations Alerts using the Management Pack for ServiceNow.
Opmerkingen