4 Replies Latest reply on Jun 21, 2018 5:22 AM by dmartzall

ServiceNow Event Management Integration with SolarWinds

xtraspecialj Sep 20, 2017 3:05 PM

I think I understand this, but I'm hoping somebody can let me know if I have this right.

We are currently in the process of moving to several ServiceNow products. The one I have questions about is SNOW Event Management, since that will be "in between" our monitoring systems and SNOW Incident Management. We don't want Orion opening/updating/closing tickets directly since the whole point of Event Management is to collect all of the alerts and events from our monitoring systems, then correlate them, and then act on them (i.e. create Incidents).

What I want confirmed is this: Since we don't want Orion Opening/Closing tickets for us, what we should do is add our ServiceNow Instance into the Orion settings page, then, on the final page of each alerts' "Edit Alert" wizard, at the very bottom, we should expand the "Alert Integration" section and fill that out with the fields we want it to send to our SNOW Instance (see screenshot below). What we should not do in SolarWinds is configure the Trigger/Reset Action called "ServiceNow Incident" for alerts since we don't need that feature. We just need to send a notification to SNOW whenever an alert is triggered and let SNOW Event Management decide what to do, correct?

Follow up question: Assuming I'm correct above, is it possible to have SNOW send API calls back to SolarWinds? For instance, if an alert is triggered in Orion and it notifies SNOW, and then that incident gets assigned to somebody and they fix the issue on their end and close the ticket, I assume there is a way for SNOW to send a "Reset Alert" API call back to SolarWinds, correct?

Re: ServiceNow Event Management Integration with SolarWinds

LadaVarga Sep 20, 2017 3:20 PM (in response to xtraspecialj)

Hello,

Unfornunately ServiceNow integration app is aimed for customer who want create/update/resolve incidents according Alerts. When alert is triggered and have defined Snow action it will create incident.
This Last page is only about posibility update incidents in SNow and alert in SolarWinds.

Why you can't use "SolarWinds Alerting" <-> "ServiceNow incident system" and skip that SNOW Event Management?

If you can't use direct way I recommend to use SolarWinds SDK(Orion SDK Information ) and connect to "SNOW Event Management" yourself. You can react for trigger/reset/ack etc.

Lada
Like (0)

Actions
- Re: ServiceNow Event Management Integration with SolarWinds
  
  xtraspecialj Sep 20, 2017 3:44 PM (in response to LadaVarga)
  
  OK, thanks for your response LadaVarga. That was fast.
  
  Why you can't use "SolarWinds Alerting" <-> "ServiceNow incident system" and skip that SNOW Event Management?
  Well, like I said in my post, having a monitoring system bypass Event Management and start creating tickets itself goes against the whole concept of Event Management... The point of Event Management is to point all of your monitoring systems (including SolarWinds) at it so that it can assimilate all of them and correlate them. It gets to see all of the events going on and decide what to do with all of them. With Event Management you have one place where you create all of your rules for creating incidents (among many other features of course). If you start letting your individual monitoring systems create incidents then not only did you waste money on Event Management software, you now have a bunch of places you need to setup ticket creation automation rules instead of one. That would be a nightmare.
  
  If you can't use direct way I recommend to use SolarWinds SDK(Orion SDK Information ) and connect to "SNOW Event Management" yourself. You can react for trigger/reset/ack etc.
  I'm pretty familiar with the SDK as it pertains to writing custom SWQL queries and powershell scripts, but as far as "connecting to SNOW Event Management" myself, what do you mean? The way the SNOW guys want to do it is to use what they call a "SolarWInds Connector" that will simply run a SQL query against our events table every two minutes. I'm not too enthused about this for several reasons. One, our Events table is quite massive and having a large SQL query like this run up against it every two minutes seems less than ideal. Another reason is that I don't like the idea that an event may not be picked up in their console for up to two minutes.
  
  Our current event management software accepts traps, so all of our alerts have a "Send a SNMP Trap" trigger/reset action, so it gets alerts pretty much instantly. Apparently SNOW can't receive traps this way. Is there a way using the Orion SDK that we can have it automatically push out a REST call to our SNOW Instance any time an alert is triggered? If so, how?
  
  Like (0)
  
  Actions
  - Re: ServiceNow Event Management Integration with SolarWinds
    
    dmartzall Jun 21, 2018 5:22 AM (in response to xtraspecialj)
    
    SNOW can receive trap messages, but there is a connector that uses the API to connect to the Event table and pull the most recent events. In our buildout I made alert actions that wrote to the event table, that meant these would have a different event type. I wrote a post about our experience yesterday. Integrating Monitoring Tools into ServiceNow Through Event Management
    
    Like (0)
    
    Actions
Re: ServiceNow Event Management Integration with SolarWinds

RichardLetts Sep 20, 2017 8:21 PM (in response to xtraspecialj)

I'm going to note that, atleast for our SNOW contract, their event management subsystem was an extra-cost item that was a lot of $$$$
so we skipped it.
Like (0)

Actions

Go to original post