Auto-Closing Incidents Triggered by Logic Monitor Integration
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
5 hours ago
Hello All,
We are experiencing an issue with Incidents created through the Logic Monitor integration. These incidents are generated for collector failovers, and the failover details are included in the Incident description.
When the failover is restored, Logic Monitor sends a notification, which is added as a work note to the Incident (e.g., indicating that the failover is back online for the collector). However, the Incident is not automatically closing based on this update.
Currently, users are manually closing these incidents, and when the same collector goes down again, the Incident is reopening as expected. If I implement an auto-close mechanism, it should not interfere with this expected reopen behavior, even if the Incident is in a closed state.
Is there a recommended approach to configure these Incidents to auto-close when a specific work note is added by the Logic Monitor integration (for example, when the work notes states that the failover has been resolved and the collector is back online)?
Any guidance or best practices would be greatly appreciated. Thank you!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
5 hours ago
My thoughts:
| Step | Description | Key Details |
| Trigger | Use a After Update Business Rule on Incident table | Trigger only on updates, check if work note was added |
| Work Note Condition | Check latest work note content for phrases like "failover has been resolved" or "collector is back online" | Filter by Logic Monitor user or integration user ID to avoid false triggers |
| Auto-Close Action | Update Incident state to Closed (state = 7) with close code and close notes | Set close_code, close_notes with context on auto-closure |
| Preserve Reopen Behavior | Do not alter incident reopen logic; allow incidents to reopen on new failover events | Auto-close only on recognized resolution work note; reopening is unaffected |
| Audit & Traceability | Optionally add comments for traceability | Helps audit who/when incident was auto-closed |
If my response helped please mark it correct and close the thread so that it benefits future readers.
Ankur
✨ Certified Technical Architect || ✨ 9x ServiceNow MVP || ✨ ServiceNow Community Leader
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
3 hours ago
Thank you for the information,
Can you please help me with the following:
I am creating a Business Rule. Could you please clarify whether I need to add a query to filter the incidents so that the rule only applies to those where the work notes contain the phrase “failover is back online for the collector”?
If a query is required, how should I structure it to filter incidents based on that condition? If it is not required, what would be the best way to achieve this functionality within the Business Rule?
Laxma.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
3 hours ago
You can mention in the Flow trigger that the Resolution Note should include:
“Failover is back online for the collector”.
Then, update the state via the same flow.
If my response proves useful, please indicate its helpfulness by selecting " Accept as Solution" and " Helpful." This action benefits both the community and me.
Regards
Dr. Atul G. - Learn N Grow Together
ServiceNow Techno - Functional Trainer
LinkedIn: https://www.linkedin.com/in/dratulgrover
YouTube: https://www.youtube.com/@LearnNGrowTogetherwithAtulG
Topmate: https://topmate.io/atul_grover_lng [ Connect for 1-1 Session]
****************************************************************************************************************
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
3 hours ago
yes in script you can get the work notes latest value and check the index and search your text
BR: After Update
Condition: Work Notes Changes
Script:
(function executeRule(current, previous /*null when async*/ ) {
// Add your code here
var worknotes = current.work_notes.getJournalEntry(1);
if (worknotes.indexOf('failover is back online for the collector') > -1 || worknotes.indexOf('other text to search') > -1) {
// your logic
}
})(current, previous);If my response helped please mark it correct and close the thread so that it benefits future readers.
Ankur
✨ Certified Technical Architect || ✨ 9x ServiceNow MVP || ✨ ServiceNow Community Leader
