How can I update the "Incident Number" field on SolarWinds alerts from ServiceNow?

PavanBV
Giga Guru

‎07-25-2024 03:57 AM

Hi,

 

We have events coming from SolarWinds and are generating alerts and incidents accordingly. While we successfully acknowledged SolarWinds alerts using a REST endpoint, we are having trouble updating the "Incident Number" field on the SolarWinds alert with the ServiceNow incident number.

 

Does anyone have an idea on how to implement this?

 

Thanks.

0 Helpfuls
  • 397 Views
1 REPLY 1

Sam Webb
ServiceNow Employee
ServiceNow Employee

‎07-30-2024 08:09 AM

Hi Pavan,

 

Hard to say for sure - but if you're posting to an Alert API and not the Incident one, you will likely only get an HTTP 200 - not an Incident number. This is because at the time of receipt, an Event is created, which then becomes an Alert, which then may or may not become an Incident.

 

What you'll need to do is configure an Alert Management Rule that posts the Incident number for the Alert ID from Solarwinds back out. Don't do this in a "standard" flow as if you force it to wait for an incident number (that may or may not be created) then you'll have long-running flows waiting for input they'll never get.

 

Additionally, it might be worth putting this into a self-contained "post inc number out to Solarwinds" type rule and set it and the "create Incident" rules to "Search for other rules" just so you don't have the overhead of trying to identify if you should post out to Solarwinds for every single Incident created by Event Management.

 

Documentation here:

https://docs.servicenow.com/bundle/washingtondc-it-operations-management/page/product/event-manageme...

 

Hope that helps as a starting point!

 

Thanks,
Sam

0 Helpfuls