3 weeks ago
Hello Folks,
Can anyone guide me on what correlation rules are in Event Management? And how do events come into the em_event table via MID Server/API integration? What configuration do we have to perform on the monitoring tool side and the ServiceNow side for event ingestion?
Thanks
Labels: Event Management
3 weeks ago
Hi @csatish
💡 If my response helped please mark it as Correct ✅ so it can help future readers find the solution more easily 🙏
Regards
Vaishali Singh
3 weeks ago
hey @csatish
To get alerts from SolarWinds into ServiceNow Event Management, configuration is required on both the SolarWinds side and the ServiceNow side.
First, configuration on the SolarWinds side
SolarWinds needs to be configured to send events to ServiceNow whenever a monitoring condition is triggered.
You need to configure alerts in SolarWinds based on metrics like CPU, memory, disk, application errors, or availability.
In the alert action, configure a Webhook or REST API call that sends data to ServiceNow Event Management.
The REST call should point to the ServiceNow Event Management endpoint
/api/global/em/jsonv2
The payload sent from SolarWinds should include required fields such as
source as SolarWinds
node or host name
resource name
metric name
severity
message key for uniqueness
description
SolarWinds will send this payload automatically whenever the alert condition is met.
Second, configuration on the ServiceNow side
Enable Event Management and make sure the Event Management API is accessible.
Verify that incoming events are created in the em_event table when SolarWinds sends data.
Configure Event Rules if needed to normalize or enrich the event data coming from SolarWinds.
Ensure alert creation is enabled so events from SolarWinds generate alerts in the em_alert table.
Use message key and source to handle deduplication and correlation.
Third, alert to incident configuration
Configure Alert Rules in ServiceNow to decide when an incident should be created.
For example
If alert severity is greater than or equal to the defined threshold, create an incident.
Map alert fields like node, metric, source, severity, and description to incident fields.
Fourth, testing and validation
Trigger a test alert from SolarWinds.
Confirm that
Event is created in em_event
Alert is created in em_alert
Incident is created if severity condition is met
Once this setup is done, SolarWinds alerts will automatically flow into ServiceNow and follow the Event Management process.
*************************************************************************************************************
If this response helps, please mark it as Accept as Solution and Helpful.
Doing so helps others in the community and encourages me to keep contributing.
Regards
Vaishali Singh
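The payload and endpoint described in the answer above, as an added example that is not part of the original post and is not ServiceNow or SolarWinds code: it validates the listed fields, derives a stable message key for deduplication, and prepares the POST without sending it. Assumptions: the JSON keys (`node`, `resource`, `metric_name`, `message_key`), the `records` wrapper, the 0-5 severity scale and basic authentication; the function names are hypothetical and the sample alert is constructed.

```python
import base64
import hashlib
import json
import urllib.request

ENDPOINT = "/api/global/em/jsonv2"  # endpoint named in the answer above
# Assumed JSON keys, mirroring the fields the answer lists.
REQUIRED = ("source", "node", "resource", "metric_name", "severity", "description")


def message_key(source, node, resource, metric_name):
    """Stable key so repeats of one condition deduplicate into one alert."""
    raw = "|".join((source, node.lower(), resource, metric_name))
    return hashlib.sha256(raw.encode()).hexdigest()[:32]


def build_record(alert):
    """Validate one alert dict and return the event record to send."""
    missing = [f for f in REQUIRED if not str(alert.get(f, "")).strip()]
    if missing:
        raise ValueError("missing fields: " + ", ".join(missing))
    severity = int(alert["severity"])
    if severity not in range(6):  # assumed scale: 0 = clear, 1 = critical ... 5 = info
        raise ValueError("severity must be 0-5")
    record = {f: str(alert[f]).strip() for f in REQUIRED}
    record["severity"] = str(severity)
    record["message_key"] = message_key(
        record["source"], record["node"], record["resource"], record["metric_name"])
    return record


def build_request(instance_url, user, password, alerts):
    """Prepare (without sending) the POST that carries the events."""
    if not instance_url.startswith("https://"):
        raise ValueError("instance URL must use https")
    body = json.dumps({"records": [build_record(a) for a in alerts]}).encode()
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    return urllib.request.Request(
        instance_url.rstrip("/") + ENDPOINT, data=body, method="POST",
        headers={"Content-Type": "application/json",
                 "Authorization": "Basic " + token})


# Constructed sample alert, not real monitoring data.
SAMPLE = {"source": "SolarWinds", "node": "web01.example.internal",
          "resource": "C:", "metric_name": "Disk Usage", "severity": 2,
          "description": "Disk usage above 90%"}
```

Pass the returned object to `urllib.request.urlopen` to send it, with the integration account's credentials read from a secret store rather than written into the script.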
