
ServiceNow Pull connector - Fetching Alert Severity Logic

Dear Thwack,

We are currently working on SolarWinds integration with ServiceNow using the OOB pull connector.

By logic (my understanding), the ServiceNow connector pulls events

"FROM Orion.Events,

EventID, EventTime, NetworkNode, NetObjectID, EventType, Message, Acknowledged"

And from the Event Types table, the Severity value of the Incident is defined based on Icon values

"FROM Orion.EventTypes,

EventType, Name, Icon, NotifyMessage, NotifySubject"

But when it comes to custom alerts, the event type will mostly be 5000, for which severity cannot be mapped from Event Types.

Any pointers available here?

Expected behaviour:

"Alert severity should be pulled by ServiceNow".

As per the schema documentation, Orion.AlertTriggered should have all active alerts, but I couldn't see any values in them.


0 Kudos
6 Replies

We use the pull connector, which is the method from the ServiceNow side, as in our case we are not allowed to have direct INCs created on the ticketing platform.

The only prob is that it pulls all the events and then we need to write some rules on the ServiceNow side to have only the required events converted into alerts.
Event types 5000 and 5001 are the 2 main events which get generated for the alerts that you have configured... this I got to know from 1 Thwack post and it worked for me.

Regd severity, yes it's a prob.. all the alerts will come with severity Warning.. I'm still checking as to how to get the right severity so that if there is an instance where a team wants to monitor the alerts in SNOW manually then they should be able to differentiate between severities...

Thanks @pratikmehta003 for the response. We are also planning to pull only 5000 (Alert Trigger) & 5001 (Alert Reset); that will be managed while we create alert rules.

Severity is the concern for us too.

0 Kudos

You can try to use the severity variable in the alert body and then try to parse it on the ServiceNow side..

We are going to try that sometime this week or next.. I will let you know if that works...

0 Kudos

We did the test of using the severity variable in the alert message and then on ServiceNow the SME was able to put up the rule and make it work...

So critical comes as critical and warning as warning....

0 Kudos
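The approach described in the replies above (keep only event types 5000 and 5001, carry the severity in the alert message, parse it on the ServiceNow side), shown as an added example that is not code from the thread or from either product. The `Severity=<name>` token layout, the output field names and the severity mapping are assumptions.

```javascript
// Added example. Assumption: alert messages embed "Severity=<name>" (constructed layout).
const ALERT_TRIGGER = 5000; // alert trigger event type, per the thread
const ALERT_RESET = 5001;   // alert reset event type, per the thread

// Hypothetical mapping from Orion severity names to ServiceNow event severity codes
// (1 Critical, 2 Major, 4 Warning, 5 Info, 0 Clear).
const SEVERITY_CODES = { critical: 1, serious: 2, warning: 4, notice: 5, informational: 5 };
const DEFAULT_CODE = 4; // per the thread, unparsed alerts arrive as Warning

function toAlert(ev) {
  const type = Number(ev.EventType);
  if (type !== ALERT_TRIGGER && type !== ALERT_RESET) return null; // not an alert event
  const base = { eventId: ev.EventID, node: ev.NetworkNode, message: String(ev.Message || '') };
  if (type === ALERT_RESET) return { ...base, severity: 0, severityParsed: true };

  const m = /\bSeverity\s*=\s*([A-Za-z]+)/i.exec(base.message);
  const name = m ? m[1].toLowerCase() : '';
  // Own-property check so a message value such as "constructor" cannot hit the prototype.
  const known = Object.prototype.hasOwnProperty.call(SEVERITY_CODES, name);
  return { ...base, severity: known ? SEVERITY_CODES[name] : DEFAULT_CODE, severityParsed: known };
}

// Convert a pulled batch; events that are not 5000/5001 are dropped.
function toAlerts(events) {
  return events.map(toAlert).filter((a) => a !== null);
}

// Constructed sample rows using the Orion.Events columns named in the question.
const sample = [
  { EventID: 101, EventType: 5000, NetworkNode: 12, Message: 'High CPU on app01 | Severity=Critical' },
  { EventID: 102, EventType: 5000, NetworkNode: 12, Message: 'Disk alert with no severity token' },
  { EventID: 103, EventType: 5001, NetworkNode: 12, Message: 'High CPU on app01 reset' },
  { EventID: 104, EventType: 1, NetworkNode: 12, Message: 'Node down' },
];

for (const a of toAlerts(sample)) {
  console.log(a.eventId, a.severity, a.severityParsed ? 'parsed' : 'defaulted');
}
```

The `severityParsed` flag lets a ServiceNow-side rule flag alerts whose message lacked a recognisable severity instead of silently treating them as Warning.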

I think AlertTriggered is legacy from before they moved to web based alerts, at least I know I have never used it as part of any custom SWQL query I ever wrote.

If you want data about alerts I would recommend using a query like these as a starting point to see how the pieces come together so you can get exactly what you want..
- Marc Netterfield, GitHub
0 Kudos

@mesverrum, thanks for the right directions.

I am thinking of joining the three Orion tables below to achieve my objective, but need help to concat the values.

1. Orion.Events as [EV]
2. Orion.AlertObjects as [AO]
-> Connecting attribute [AO].EntityNetObjectId = concat ('[EV].NetObjectType'':''[EV].NetObjectID')
Sample-> EntityNetObjectId like AM:792
3. Orion.AlertConfigurations as [AC]
-> Connecting attribute [AC].AlertID = [AO].AlertID

Could you please help with how to concat the values for [AO].EntityNetObjectId as mentioned above?

0 Kudos