‎02-21-2024 08:40 AM
Hi folks,
I have a script that raises an incident based on incoming JSON. Sometimes the source will send the same JSON message repeatedly (essentially for the same alert) as it tries the same function over and over. This is raising repeated incidents for the same issue. We are also capturing these alerts to a table. I have added a query to see if there are records matching that were created within the last day and what I am trying to do is only raise an incident if there are no matching records within the last day. I have the below script but it is not raising any incidents at all.
// Scripted REST handler: parses the incoming alert JSON and is meant to raise an incident
// only when no matching row exists in u_rubrik_notifications from the last day.
(function process(/*RESTAPIRequest*/ request, /*RESTAPIResponse*/ response) {
var bodyString = request.body.dataString + '';
var requestObj = JSON.parse(bodyString + '');
// Takes the text between the first 'class":"' and the following quote in the raw body;
// when the body has no such key, [1] is undefined and the second split throws.
var bodyStringClass = bodyString.split('class":"')[1].split('"')[0];
// NOTE(review): every value appended here comes from the request body and becomes part of
// the encoded query text, so a '^' inside a value is read as query syntax and changes the
// duplicate check. Passing each value through addQuery(field, value) keeps it as data.
var strQuery = strQuery = "sys_created_onRELATIVEGT@dayofweek@ago@1^u_summary=" + requestObj.summary + "^u_objectname=" + requestObj.custom_details.objectName + "^u_clusterid=" + requestObj.custom_details.clusterId + "^u_objectid=" + requestObj.custom_details.objectId + "^u_objecttype=" + requestObj.custom_details.objectType + "^u_audituserid=" + requestObj.custom_details.auditUserId;
var incCheck = new GlideRecord('u_rubrik_notifications');
incCheck.addEncodedQuery(strQuery);
// NOTE(review): GlideRecord query() runs the query but does not return a result list, so
// reading .length from its return value fails here and the incident branch is never
// reached. The check needs query() on its own line followed by hasNext() or next().
if (incCheck.query().length == 0){
var grIncident = new GlideRecord('incident');
grIncident.initialize();
// Maps the alert severity to impact/urgency; any other severity value is not handled
// by this switch and leaves both fields as initialize() set them.
switch(requestObj.severity){
case "info":
grIncident.impact = 3;
grIncident.urgency = 3;
break;
case "warning":
grIncident.impact = 3;
grIncident.urgency = 2;
break;
case "error":
grIncident.impact = 2;
grIncident.urgency = 1;
break;
case "critical":
grIncident.impact = 1;
grIncident.urgency = 1;
}
// NOTE(review): caller and group are hard-coded; assignment_group looks like a sys_id,
// caller_id is a name — confirm both resolve on the target instance.
grIncident.caller_id = 'Rubrik SA';
grIncident.assignment_group = '56a6aad0db9f17805ec57dfdae96192d';
grIncident.category = 'Software';
grIncident.subcategory = 'Rubrik';
grIncident.short_description = requestObj.summary;
// Builds the description from the payload: one labelled line per field that is not the
// empty string (a missing field is not "" and is therefore printed as "undefined"),
// followed by the whole JSON message with a line break after every comma.
grIncident.description = "Please see the details of this event below: \n" + ( requestObj.summary !== "" ? "\n Summary: " + requestObj.summary : "") + ( requestObj.source !== "" ? "\n Source: " + requestObj.source : "") + ( bodyStringClass !== "" ? "\n Class: " + bodyStringClass : "") + ( requestObj.severity !== "" ? "\n Severity: " + requestObj.severity : "") + ( requestObj.custom_details.id !== "" ? "\n ID: " + requestObj.custom_details.id : "") + ( requestObj.custom_details.seriesId !== "" ? "\n Series ID: " + requestObj.custom_details.seriesId : "") + ( requestObj.custom_details.type !== "" ? "\n Type: " + requestObj.custom_details.type : "") + ( requestObj.custom_details.objectId !== "" ? "\n Object ID: " + requestObj.custom_details.objectId : "") + ( requestObj.custom_details.objectName !== "" ? "\n Object Name: " + requestObj.custom_details.objectName : "") + ( requestObj.custom_details.objectType !== "" ? "\n Object Type: " + requestObj.custom_details.objectType : "") + ( requestObj.custom_details.status !== "" ? "\n Status: " + requestObj.custom_details.status : "") + ( requestObj.custom_details.clusterId !== "" ? "\n Cluster ID: " + requestObj.custom_details.clusterId : "") + ( requestObj.custom_details.clusterName !== "" ? "\n Cluster Name: " + requestObj.custom_details.clusterName : "") + ( requestObj.custom_details.eventName !== "" ? "\n Event Name: " + requestObj.custom_details.eventName : "") + (requestObj.custom_details.errorId !== "" ? "\n Error ID: " + requestObj.custom_details.errorId : "") + ( requestObj.custom_details.errorCode !== "" ? "\n Error Code: " + requestObj.custom_details.errorCode : "") + ( requestObj.custom_details.errorRemedy !== "" ? "\n Error Remedy: " + requestObj.custom_details.errorRemedy : "") + ( requestObj.custom_details.errorReason !== "" ? "\n Error Reason: " + requestObj.custom_details.errorReason : "") + ( requestObj.custom_details.auditUserName !== "" ? 
"\n Audit User Name: " + requestObj.custom_details.auditUserName : "") + ( requestObj.custom_details.auditUserId !== "" ? "\n Audit User ID: " + requestObj.custom_details.auditUserId : "") + ( requestObj.custom_details.location !== "" ? "\n Location: " + requestObj.custom_details.location : "") + ( requestObj.custom_details.url !== "" ? "\n URL: " + requestObj.custom_details.url : "") + "\n\nBelow is the full JSON message: \n" + JSON.stringify(requestObj).split(",").join(",\n");
grIncident.insert();
// Writes the raw request body (including fields such as auditUserName and url) to the system log.
gs.info(request.body.dataString);
}
})(request, response);
Not sure if my query is broken, or if the problem is my if statement or something else, but any help is appreciated.
Thanks,
Ken
‎02-21-2024 09:00 AM
pls try below
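/**
 * Scripted REST resource: raises an incident from an incoming Rubrik alert unless a
 * matching alert was already recorded in u_rubrik_notifications within the last day.
 *
 * The request body is untrusted input. Its values are passed to the duplicate check
 * through addQuery(field, value) instead of being concatenated into an encoded query,
 * so a '^' inside a value is matched as data and cannot alter the condition.
 *
 * @param {RESTAPIRequest} request - inbound request; the alert JSON is read from request.body.dataString
 * @param {RESTAPIResponse} response - set to status 400 when the body is not usable JSON
 */
(function process(/*RESTAPIRequest*/ request, /*RESTAPIResponse*/ response) {
    var bodyString = request.body.dataString + '';

    var requestObj;
    try {
        requestObj = JSON.parse(bodyString);
    } catch (e) {
        // Malformed JSON from the sender: reject it instead of failing with an unhandled error.
        response.setStatus(400);
        return;
    }
    var details = requestObj && requestObj.custom_details;
    if (!details || typeof details !== 'object') {
        // Every field used below lives under custom_details; without it there is nothing to match on.
        response.setStatus(400);
        return;
    }

    // Text between the first 'class":"' and the next quote in the raw body; empty when absent.
    var classParts = bodyString.split('class":"');
    var bodyStringClass = classParts.length > 1 ? classParts[1].split('"')[0] : '';

    // NOTE(review): this check assumes the alert is written to u_rubrik_notifications after
    // this script runs; if it is captured first, every alert matches itself — confirm the order.
    var incCheck = new GlideRecord('u_rubrik_notifications');
    // Constant part of the filter: created within the last day (relative-date operator).
    incCheck.addEncodedQuery('sys_created_onRELATIVEGT@dayofweek@ago@1');
    var matchOn = [
        ['u_summary', requestObj.summary],
        ['u_objectname', details.objectName],
        ['u_clusterid', details.clusterId],
        ['u_objectid', details.objectId],
        ['u_objecttype', details.objectType],
        ['u_audituserid', details.auditUserId]
    ];
    for (var m = 0; m < matchOn.length; m++) {
        // Coerced to a string, as the concatenated query did, but kept as a single operand.
        incCheck.addQuery(matchOn[m][0], matchOn[m][1] + '');
    }
    incCheck.setLimit(1); // only existence matters
    incCheck.query();

    if (!incCheck.hasNext()) {
        var grIncident = new GlideRecord('incident');
        grIncident.initialize();

        // Severity -> impact/urgency; an unrecognised severity leaves both as initialize() set them.
        switch (requestObj.severity) {
            case "info":
                grIncident.impact = 3;
                grIncident.urgency = 3;
                break;
            case "warning":
                grIncident.impact = 3;
                grIncident.urgency = 2;
                break;
            case "error":
                grIncident.impact = 2;
                grIncident.urgency = 1;
                break;
            case "critical":
                grIncident.impact = 1;
                grIncident.urgency = 1;
                break;
        }

        grIncident.caller_id = 'Rubrik SA';
        grIncident.assignment_group = '56a6aad0db9f17805ec57dfdae96192d';
        grIncident.category = 'Software';
        grIncident.subcategory = 'Rubrik';
        grIncident.short_description = requestObj.summary;

        // Label/value pairs in the order they appear in the description.
        var fields = [
            ['Summary', requestObj.summary],
            ['Source', requestObj.source],
            ['Class', bodyStringClass],
            ['Severity', requestObj.severity],
            ['ID', details.id],
            ['Series ID', details.seriesId],
            ['Type', details.type],
            ['Object ID', details.objectId],
            ['Object Name', details.objectName],
            ['Object Type', details.objectType],
            ['Status', details.status],
            ['Cluster ID', details.clusterId],
            ['Cluster Name', details.clusterName],
            ['Event Name', details.eventName],
            ['Error ID', details.errorId],
            ['Error Code', details.errorCode],
            ['Error Remedy', details.errorRemedy],
            ['Error Reason', details.errorReason],
            ['Audit User Name', details.auditUserName],
            ['Audit User ID', details.auditUserId],
            ['Location', details.location],
            ['URL', details.url]
        ];
        var description = "Please see the details of this event below: \n";
        for (var i = 0; i < fields.length; i++) {
            var value = fields[i][1];
            // Missing fields are skipped as well as empty ones, so no "undefined" lines appear.
            if (value !== undefined && value !== null && value !== "") {
                description += "\n " + fields[i][0] + ": " + value;
            }
        }
        description += "\n\nBelow is the full JSON message: \n" + JSON.stringify(requestObj).split(",").join(",\n");
        grIncident.description = description;

        grIncident.insert();
        // Writes the raw request body to the system log.
        gs.info(request.body.dataString);
    }
})(request, response);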
.length on the GlideRecord query() may not work
‎02-21-2024 09:00 AM
pls try below
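/**
 * Scripted REST resource: raises an incident from an incoming Rubrik alert unless a
 * matching alert was already recorded in u_rubrik_notifications within the last day.
 *
 * The request body is untrusted input. Its values are passed to the duplicate check
 * through addQuery(field, value) instead of being concatenated into an encoded query,
 * so a '^' inside a value is matched as data and cannot alter the condition.
 *
 * @param {RESTAPIRequest} request - inbound request; the alert JSON is read from request.body.dataString
 * @param {RESTAPIResponse} response - set to status 400 when the body is not usable JSON
 */
(function process(/*RESTAPIRequest*/ request, /*RESTAPIResponse*/ response) {
    var bodyString = request.body.dataString + '';

    var requestObj;
    try {
        requestObj = JSON.parse(bodyString);
    } catch (e) {
        // Malformed JSON from the sender: reject it instead of failing with an unhandled error.
        response.setStatus(400);
        return;
    }
    var details = requestObj && requestObj.custom_details;
    if (!details || typeof details !== 'object') {
        // Every field used below lives under custom_details; without it there is nothing to match on.
        response.setStatus(400);
        return;
    }

    // Text between the first 'class":"' and the next quote in the raw body; empty when absent.
    var classParts = bodyString.split('class":"');
    var bodyStringClass = classParts.length > 1 ? classParts[1].split('"')[0] : '';

    // NOTE(review): this check assumes the alert is written to u_rubrik_notifications after
    // this script runs; if it is captured first, every alert matches itself — confirm the order.
    var incCheck = new GlideRecord('u_rubrik_notifications');
    // Constant part of the filter: created within the last day (relative-date operator).
    incCheck.addEncodedQuery('sys_created_onRELATIVEGT@dayofweek@ago@1');
    var matchOn = [
        ['u_summary', requestObj.summary],
        ['u_objectname', details.objectName],
        ['u_clusterid', details.clusterId],
        ['u_objectid', details.objectId],
        ['u_objecttype', details.objectType],
        ['u_audituserid', details.auditUserId]
    ];
    for (var m = 0; m < matchOn.length; m++) {
        // Coerced to a string, as the concatenated query did, but kept as a single operand.
        incCheck.addQuery(matchOn[m][0], matchOn[m][1] + '');
    }
    incCheck.setLimit(1); // only existence matters
    incCheck.query();

    if (!incCheck.hasNext()) {
        var grIncident = new GlideRecord('incident');
        grIncident.initialize();

        // Severity -> impact/urgency; an unrecognised severity leaves both as initialize() set them.
        switch (requestObj.severity) {
            case "info":
                grIncident.impact = 3;
                grIncident.urgency = 3;
                break;
            case "warning":
                grIncident.impact = 3;
                grIncident.urgency = 2;
                break;
            case "error":
                grIncident.impact = 2;
                grIncident.urgency = 1;
                break;
            case "critical":
                grIncident.impact = 1;
                grIncident.urgency = 1;
                break;
        }

        grIncident.caller_id = 'Rubrik SA';
        grIncident.assignment_group = '56a6aad0db9f17805ec57dfdae96192d';
        grIncident.category = 'Software';
        grIncident.subcategory = 'Rubrik';
        grIncident.short_description = requestObj.summary;

        // Label/value pairs in the order they appear in the description.
        var fields = [
            ['Summary', requestObj.summary],
            ['Source', requestObj.source],
            ['Class', bodyStringClass],
            ['Severity', requestObj.severity],
            ['ID', details.id],
            ['Series ID', details.seriesId],
            ['Type', details.type],
            ['Object ID', details.objectId],
            ['Object Name', details.objectName],
            ['Object Type', details.objectType],
            ['Status', details.status],
            ['Cluster ID', details.clusterId],
            ['Cluster Name', details.clusterName],
            ['Event Name', details.eventName],
            ['Error ID', details.errorId],
            ['Error Code', details.errorCode],
            ['Error Remedy', details.errorRemedy],
            ['Error Reason', details.errorReason],
            ['Audit User Name', details.auditUserName],
            ['Audit User ID', details.auditUserId],
            ['Location', details.location],
            ['URL', details.url]
        ];
        var description = "Please see the details of this event below: \n";
        for (var i = 0; i < fields.length; i++) {
            var value = fields[i][1];
            // Missing fields are skipped as well as empty ones, so no "undefined" lines appear.
            if (value !== undefined && value !== null && value !== "") {
                description += "\n " + fields[i][0] + ": " + value;
            }
        }
        description += "\n\nBelow is the full JSON message: \n" + JSON.stringify(requestObj).split(",").join(",\n");
        grIncident.description = description;

        grIncident.insert();
        // Writes the raw request body to the system log.
        gs.info(request.body.dataString);
    }
})(request, response);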
.length on the GlideRecord query() may not work
‎02-21-2024 09:16 AM
Harshad Wagh,
I owe you lunch 😉
THANK YOU!
‎02-21-2024 09:18 AM
Haha, glad I was of help.
‎02-21-2024 09:16 AM - edited ‎02-21-2024 09:19 AM
Hi @Ken Berger,
I'm pretty sure trying to execute the query inside an if statement is not going to work. The good news is, there's an easy way to do this.
Essentially you can do the same by adjusting a few lines as below:
From your line 10 to line 12 as follows:
To help others (or for me to help you more directly), please mark this response correct by clicking on Accept as Solution and/or Helpful.
Thanks, Robbie
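/**
 * Scripted REST resource: raises an incident from an incoming Rubrik alert unless a
 * matching alert was already recorded in u_rubrik_notifications within the last day.
 *
 * The request body is untrusted input. Its values are passed to the duplicate check
 * through addQuery(field, value) instead of being concatenated into an encoded query,
 * so a '^' inside a value is matched as data and cannot alter the condition.
 *
 * @param {RESTAPIRequest} request - inbound request; the alert JSON is read from request.body.dataString
 * @param {RESTAPIResponse} response - set to status 400 when the body is not usable JSON
 */
(function process(/*RESTAPIRequest*/ request, /*RESTAPIResponse*/ response) {
    var bodyString = request.body.dataString + '';

    var requestObj;
    try {
        requestObj = JSON.parse(bodyString);
    } catch (e) {
        // Malformed JSON from the sender: reject it instead of failing with an unhandled error.
        response.setStatus(400);
        return;
    }
    var details = requestObj && requestObj.custom_details;
    if (!details || typeof details !== 'object') {
        // Every field used below lives under custom_details; without it there is nothing to match on.
        response.setStatus(400);
        return;
    }

    // Text between the first 'class":"' and the next quote in the raw body; empty when absent.
    var classParts = bodyString.split('class":"');
    var bodyStringClass = classParts.length > 1 ? classParts[1].split('"')[0] : '';

    // NOTE(review): this check assumes the alert is written to u_rubrik_notifications after
    // this script runs; if it is captured first, every alert matches itself — confirm the order.
    var incCheck = new GlideRecord('u_rubrik_notifications');
    // Constant part of the filter: created within the last day (relative-date operator).
    incCheck.addEncodedQuery('sys_created_onRELATIVEGT@dayofweek@ago@1');
    var matchOn = [
        ['u_summary', requestObj.summary],
        ['u_objectname', details.objectName],
        ['u_clusterid', details.clusterId],
        ['u_objectid', details.objectId],
        ['u_objecttype', details.objectType],
        ['u_audituserid', details.auditUserId]
    ];
    for (var m = 0; m < matchOn.length; m++) {
        // Coerced to a string, as the concatenated query did, but kept as a single operand.
        incCheck.addQuery(matchOn[m][0], matchOn[m][1] + '');
    }
    incCheck.setLimit(1); // only existence matters
    incCheck.query();

    // next() is false when the query returned no rows, i.e. no matching alert in the last day.
    if (!incCheck.next()) {
        var grIncident = new GlideRecord('incident');
        grIncident.initialize();

        // Severity -> impact/urgency; an unrecognised severity leaves both as initialize() set them.
        switch (requestObj.severity) {
            case "info":
                grIncident.impact = 3;
                grIncident.urgency = 3;
                break;
            case "warning":
                grIncident.impact = 3;
                grIncident.urgency = 2;
                break;
            case "error":
                grIncident.impact = 2;
                grIncident.urgency = 1;
                break;
            case "critical":
                grIncident.impact = 1;
                grIncident.urgency = 1;
                break;
        }

        grIncident.caller_id = 'Rubrik SA';
        grIncident.assignment_group = '56a6aad0db9f17805ec57dfdae96192d';
        grIncident.category = 'Software';
        grIncident.subcategory = 'Rubrik';
        grIncident.short_description = requestObj.summary;

        // Label/value pairs in the order they appear in the description.
        var fields = [
            ['Summary', requestObj.summary],
            ['Source', requestObj.source],
            ['Class', bodyStringClass],
            ['Severity', requestObj.severity],
            ['ID', details.id],
            ['Series ID', details.seriesId],
            ['Type', details.type],
            ['Object ID', details.objectId],
            ['Object Name', details.objectName],
            ['Object Type', details.objectType],
            ['Status', details.status],
            ['Cluster ID', details.clusterId],
            ['Cluster Name', details.clusterName],
            ['Event Name', details.eventName],
            ['Error ID', details.errorId],
            ['Error Code', details.errorCode],
            ['Error Remedy', details.errorRemedy],
            ['Error Reason', details.errorReason],
            ['Audit User Name', details.auditUserName],
            ['Audit User ID', details.auditUserId],
            ['Location', details.location],
            ['URL', details.url]
        ];
        var description = "Please see the details of this event below: \n";
        for (var i = 0; i < fields.length; i++) {
            var value = fields[i][1];
            // Missing fields are skipped as well as empty ones, so no "undefined" lines appear.
            if (value !== undefined && value !== null && value !== "") {
                description += "\n " + fields[i][0] + ": " + value;
            }
        }
        description += "\n\nBelow is the full JSON message: \n" + JSON.stringify(requestObj).split(",").join(",\n");
        grIncident.description = description;

        grIncident.insert();
        // Writes the raw request body to the system log.
        gs.info(request.body.dataString);
    }
})(request, response);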