Create Event Rule
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
3 hours ago
I need to create an Event Rule for SolarWinds so that only events with Event Type = 5000 generate alerts. This eventType is available in the Additional Information field of the event in the following format:
"eventType":"5000".
Currently, there are other Event Rules already configured in the system, and alerts are being created from those rules as well. I want to ensure that only this event type creates alerts from SolarWinds.
Important: We do not want other events to be ignored. They should still be processed by ServiceNow, but must not create alerts.
Can anyone help and suggest a solution?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
an hour ago
Hi Buddy,
Yes, this is definitely doable, and the key is to filter alert creation, not the incoming events themselves.
You want all SolarWinds events to continue flowing into ServiceNow, but only the ones with "eventType":"5000" should generate alerts. The right place to control that is in the Event Rule.
The cleanest approach is to update (or create) a SolarWinds-specific Event Rule with a condition or script that checks the Additional Information field and only allows alert creation when eventType = 5000. When the condition isn’t met, the event is still processed and stored, it just doesn’t result in an alert.
This way:
All SolarWinds events are still ingested and visible
Existing rules can remain in place
Only the desired event type produces alerts, reducing noise without breaking the integration
Avoid suppressing or blocking the events at ingestion, since that would prevent them from being available for correlation or troubleshooting later.
This pattern keeps the integration intact while giving you precise control over which events actually turn into alerts.
@Sidra Arif - Please mark Accepted Solution and Thumbs Up if you found Helpful 🙂
