- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-13-2018 09:39 AM
What would be best approach to send email for events in Event Management(EM). Using event rule we can process events/extract required data, bind to CI and using alert rule we can auto-open incidents further use script includes (EvtMgmtCustomIncidentPopulator) to populate certain custom data in incidents.
There may be situations where only email is required (say for example events with severity 'Minor' or 'Warning'), we need to depend on Notifications and write separate notification/script for each different type of requirement/customization . Alert rule is not much useful to standardize the implementation with rules
Please suggest.
Let's discuss and find best approach.
Thanks in advance.
Solved! Go to Solution.
- Labels:
-
Event Management
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-04-2018 09:58 AM
I figured out a way for email only notification. To write a script in script includes which can be invoked from notification template. This script will have capabilities to parse additional information contents(also contains data extracted from event rules) in JSON format ,so desired notification can be sent
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-14-2018 03:33 AM
So the question is more around notification and not receiving events by email but for future reference you can do it by having an inbound email action which parses the body of an email and creates an entry in the event table for it (I've had to do it for old monitoring tools that don't support SNMP).
If you just want to do a notification instead of opening an incident then I would suggest doing it by alert rule and attach a workflow to it.
https://docs.servicenow.com/bundle/kingston-it-operations-management/page/product/event-management/task/t_EMCreateAlertRule.html
By attaching a workflow to auto remediate the alert you can have the workflow send an email via inserting a request in the event table to trigger the email to be sent. I would really talk with your incident process owner though as these should go through incident and open up low rated incidents (that could even auto-close). But either way trigger a workflow using alert rules should get you what you want (you can set the filter on it to match only certain types and severities and this is how I would suggest you do it). Let me know if you have any questions
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-09-2018 05:26 AM
One way to leverage email within ServiceNow Event Management is to use an Inbound Action to add a record to the em_event table. Go to System Policy-->Inbound Action and create new. Make sure the target table is the em_event table.
If the email is formatted in name:value pairs each on their own line within the email body, populating the event fields is very easy.
current.source = email.body.source;
current.description = 'Subject:' + email.subject + '\n\n' + email.body_text;
current.node = email.body.node;
current.type = email.body.type;
current.resource = email.body.resource;
current.severity = email.body.severity;
Otherwise, you would simply modify the script to extract whatever information you need from the email and set the event fields accordingly. From there, you can use Event Management event rules, alert management, correlation, remediation, etc... like you would on any other type of event. Hope that helps.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-09-2018 05:38 AM
Luke,
One thing I would add to this is make sure you set the initial event time. If you don't what will end up happening is that the email will pull every 1-2 minutes and it will create a bunch of events that seem like they are all occurring at the same time. This is a problem because if there is a clear message there along with a severity setting event you may end up creating the clear alert first and then the severity set as it sorts by that initial event time.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-09-2018 05:46 AM
Great catch, thanks - I mistakenly left that off my initial response, and we actually ran into the exact scenario you described for some of our email events, with the clear even being processed prior to the initial alarm at times.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-04-2018 09:58 AM
I figured out a way for email only notification. To write a script in script includes which can be invoked from notification template. This script will have capabilities to parse additional information contents(also contains data extracted from event rules) in JSON format ,so desired notification can be sent
