This discussion has been locked. The information referenced herein may be inaccurate due to age, software updates, or external references.
You can no longer post new replies to this discussion. If you have a similar question you can start a new discussion in this forum.

ServiceNow Pull connector - Fetching Alert Severity Logic

Dear Thwack,

We are currently working on Solarwinds integration with ServiceNow using OOB pull connector.

By logic (my understanding), Servicenow connector  pull events

"FROM Orion.Events,

EventID, EventTime, NetworkNode, NetObjectID, EventType, Message, Acknowledged"

And Event Types table,,Severity value of Incident is defined based on Icon Values

'FROM Orion.EventTypes,

 EventType, Name, Icon, NotifyMessage,NotifySubject

But when it comes to custom alerts,, the event type will be mostly 5000, for which serverity cannot be mapped from Event types..

Any pointers available here,

Expected behaviour,

" Alert severity should be pulled by ServiceNow".

As per schema documentation ,Orion.AlertTriggered, shoul have all active alerts, but couldn't see any values on them

Parents
  • We use the pull connector which is the method from ServiceNow side as in our cases we are not allowed to have direct INCs created on ticketing platform..

    The only prob is that it pulls all the events and then we need to write some rules in ServiceNow side to have only required events to be converted into alerts..
    eventtype 5000 and 5001 are the 2 main events which gets generated for the alerts that you have congifured... this i got to know from 1 Thwack post and it worked for me..

    Regd severity, yes its a prob.. all the alerts will come with severity Warning.. i m still checking as to how to get the right severity so that if there is an instance whwere a team wants to monitor the alerts in SNOW manually then they should be able to differentiate between severity...
  • Thanks for the response, We are also planning to pull only 5000(alert Trigger) & 5001(Alert Reset) that will be managed while we create alert rules.

    Severity is the concern for us too

  • u can try to use the severity variable in the alert body and then try to parse on ServiceNow side..

    we are going to try that sometime this week or next.. i will let u know if that works...

Reply Children
  • we did the test of using severity variable in the alert message and then on ServiceNow the SME was able to put up the rule and make it work...

    So critical comes as critical and warning and warning....

  • Hi I am facing an issue whereby I have configured an event rule and populated severity correctly by firing a single event so I know the logic works. However, when I turn off the event mapping rules and fire events via the connector the severity field errors out with invalid value. Any info would be most helpful.
  • I've been trying this all day. Included the value in the NetPerfMon event that gets sent to ServiceNow. When I parse it out as lets say ${NewSeverity} and assign it to the default Severity value I am still getting all events 5000 and 5001 as "Warning". Any way you still recall what you did here?

    Thank you!