• State Not Answered
  • Locked Locked
  • Replies 2 replies
  • Subscribers 41 subscribers
  • Views 326 views
  • Users 0 members are here
Options
Related
This discussion has been locked. The information referenced herein may be inaccurate due to age, software updates, or external references.
You can no longer post new replies to this discussion. If you have a similar question you can start a new discussion in this forum.

SolarWinds/ServiceNow API On-Call Issue

Esnd-Mitch

Backstory:

My company currently has an on-call setup with ServiceNow where if there is an incident about a device that is a firewall, router, switch or AP, someone in the NOC will receive a call if that device goes down. Previously, we used an email intake rule with ServiceNow that would take email alerts from SolarWinds and generate an incident. 

The way our on-call business rule works is that if the ServiceNow incident is assigned to the NOC team and the "assigned to" field is empty, it will trigger a call. Which is how the system would work. An access point would go down, and an incident would be created in ServiceNow assigned to the NOC, and a NOC team member would get called, we would accept the call and the ticket would be assigned to whoever in the NOC accepted it. 

This worked well when we were using the email intake rule. If a device went down and then went back up, we would manually set the incident to "resolved". If that same device went down again, a new incident would be created, and the NOC would get called again. 

We saw that there was an auto-resolve feature with the SolarWinds/ServiceNow API and were interested in enabling it, so we did. 

The issue:

The API resolves an incident when noticing that a device has come back up and the alert has been reset. When the device goes down again that same incident is reopened again, keeping whoever was assigned to the incident. Our on-call will not trigger since someone is already assigned to the incident. 

Does anyone have a solution for this? 

  • 0

    Are you using the ServiceNow integration to create incidents from your alerts?  If so, are you auto-resolving by setting the State Management: Reset State = Resolved?  You may need to set the state to Closed.  I believe that'll generate a new incident the next time the alert triggers.

    https://documentation.solarwinds.com/en/success_center/orionplatform/content/core-servicenow-how-it-works.htm

    If you need to set the status to Resolved, you will probably want to modify the ServiceNow configuration properties.  Add "6" to the Closing states.

    This is the route we took where I work.  If the technical support person Resolves the incident, we want to generate a new incident the next time the alert is triggered.

  • 0 in reply to lorenrichardson

    Thanks lorenrichardson. The way you solved it looks interesting; I didn't know that was an option. 

    The way I ended up solving this is by setting the reset state to "closed". After doing that I ran into another problem with not being able to add notes in ServiceNow for a closed ticket. I talked to our ServiceNow admin and she enabled "Work notes" for closed incidents. 

SolarWinds solutions are rooted in our deep connection to our user base in the THWACK® online community. More than 200,000 members are here to solve problems, share technology and best practices, and directly contribute to our product development process.

SolarWinds Customer Success Center Certification SolarWinds Lab Link Customer Portal
About THWACK SolarWinds Blog Federal & Government Edit Settings Free Tools & Trials
Legal Documents Terms of Use Privacy California Privacy Rights Security Information
©2021 SolarWinds Worldwide, LLC. All Rights Reserved.