Event Management - SCOM Severity Not Passing to ServiceNow

Justin Wilburn
Kilo Contributor

‎06-11-2018 02:45 PM

Has anyone had trouble with payload information showing up as 'error' in Event Management? To be more specific, we are using the SCOM connector instance to connect our SCOM instance with service now, via a MID Server. While some events show up with a 'SCOM Severity' JSON pair equal to the Severity (Warning for example), others show up with a 'SCOM Severity' JSON pair as 'Error'. 

I have double checked that the events showing up with 'SCOM Severity' of Error in SN actually have a defined Severity inside of SCOM (so the issue is not with the monitoring tool). Just struggling to understand why this value cannot be interpreted/transferred correctly for half of our events. Any insight/assistance would be greatly appreciated. 

 find_real_file.png

 

find_real_file.png

Labels:
Preview file
185 KB
Preview file
155 KB
Preview file
44 KB
0 Helpfuls
  • 2,245 Views
15 REPLIES 15

Christian Ramos
Kilo Explorer

‎06-19-2018 12:33 AM

I have the same issue.

You can check the groovy script on the Connector definition of SCOM > SCOMConnector.groovy

By default, "Error" is mapped to Major Severity for the event.

 
String scomSeverity = params.get("SCOMSeverity");
if ("Error".equals(scomSeverity)) {
event.setSeverity("2");
} else if ("Warning".equals(scomSeverity)) {
event.setSeverity("4");
} else if ("Information".equals(scomSeverity)) {
event.setSeverity("5");
} else {
event.setSeverity("3");
}​

I'm not sure you can map out the defined severity coming from SCOM Alert from this script.

If you find out a solution, mind to share it with me also 🙂

 

Thanks

 

Preview file
16 KB
Preview file
16 KB
0 Helpfuls

Justin Wilburn
Kilo Contributor
In response to Christian Ramos

‎06-26-2018 02:07 PM

Thanks for the Reply. Out of curiosity, what version are you guys on? And have you had any luck with finding an answer on how this can be corrected? I am curious if the connector instance in Jakarta or Kingston has a correction in place.

 

We are on Istanbul, with plans to move to Kingston in the next 2-3 months. 

0 Helpfuls

Michael Skov2
Kilo Guru

‎06-19-2018 03:28 AM

What about other Critical alerts from SCOM, are they being mapped correctly in ServiceNow? I am wondering if it is only related to Critical alerts from SCOM, or also Warnings from SCOM.

0 Helpfuls

Justin Wilburn
Kilo Contributor
In response to Michael Skov2

‎06-19-2018 08:29 AM

Now that you mention it..... I went back and pulled some reports, events from SCOM with a severity of Warning of Informational show up correctly. SCOM Critical events never process; have a SCOM Severity in the event of Error. Any idea why this might be?

0 Helpfuls

Michael Skov2
Kilo Guru
In response to Justin Wilburn

‎06-19-2018 11:03 PM

Interesting 🙂

First, the "SCOMSeverity":"Error" is correct. I have critical events from SCOM mapped to major alerts in ServiceNow.

Also, your event is actually being processed (it doesnt say Error in State). How does the alert look?

 

0 Helpfuls