How to use dynamic fields in Event Transform Rules / Incident Templates?

steve_bothin
Kilo Explorer

‎04-22-2015 01:15 PM

Hello Community,

I'd like to use Event Transform Rules to get out of the Additional Information field "additional_info" of an event (received via MID Server - SNMP Trap Collector) different seperate values using regular expressions.

Based on wiki http://wiki.servicenow.com/index.php?title=Configuring_Event_Management#Processing_Events_with_Event...

I know that I can use such dyn. attributes by ${myfield}.

field                                                 regexpr                   mapping

---------------------------------------------------------------

additional_info                   abc(.*)def         myfield

I also know that those attributes are not stored in event table, but how I can use them in my Incident Template for e.g. creating a custom incident description?

Addressing them by ${myfield} will not work. Also I miss some error output.
Is there a way to enable somehow debug mode and access any logging?

Thanks for any hints.

Regards,

Steve

Labels:
0 Helpfuls
  • 2,732 Views
6 REPLIES 6

Tony Branton
ServiceNow Employee
ServiceNow Employee
In response to flash0222

‎08-23-2015 05:56 PM

Hi Brad,



Today in Fuji, Transform or Mapping Rules won't help in this scenario.   Mapping rules don't offer string manipulation functions - it's purely a static mapping between name:value pairs in an event and the target field in an alert.   Transform rules allow you to either statically set a field value or set a value by concatenating strings (e.g. a name:value pair + "some text" + ...).



More elaborate processing requires a business rule and JavaScript.   You could create a business rule that executes "before insert" on the incoming event (em_event table), extract the data you want, set it to the field values in the event record and then let Event Management's standard processing take over.   Be sure to define a condition for the business rule so that it only executes for the events that require it, otherwise you'll impact event processing performance.   I strongly recommend first assessing the volume of events before adopting this approach.



Another alternative is to modify the processing being done on the log file so that the name:value pairs are correctly set to begin with   then you can use a Transform rule to process the resulting SNMP trap without risk of potentially impacting the performance of your instance.


0 Helpfuls

aray
Giga Contributor
In response to flash0222

‎08-28-2015 02:06 PM

Hi Brad,



You may want to check out Evanios Integrations in the appstore.     This is an add-on integration product for ServiceNow Event Management designed to help accelerate event integrations.   It has a "detect" rule type that can help translate and parse complex strings or traps, it was pretty much built for the scenario you describe....



https://store.servicenow.com/$appstore.do#!/store/application/d1f87aea0ff231001d1c059ce1050ef1



Good luck!


0 Helpfuls