Incomming events are missing value in Severity field - how do I set the value - via Event Rules??

Go to solution
JanneHjorth
Tera Contributor

‎10-26-2020 12:59 AM

Hi all.

I'm new to Event Management and at the moment we experience incomming events, where Severity field is empty. So no alerts are created. I have this record:
find_real_file.png

How can I set a value in Severity field and secure the creation of alerts??

I really need a helping hand here - thanks in advance.

Regards, 

Janne

Labels:
Preview file
84 KB
0 Helpfuls
  • 3,295 Views
1 ACCEPTED SOLUTION

Go to solution
patrickkenney
Kilo Expert

‎10-26-2020 07:26 AM

The Manual attributes will create a new Additional Details JSON pair. You will want to place a number, 0-5, into the Severity field. When the Transform contains a variable representation like ${severity}, it will use the value sent from the default event. In your case that is currently empty.

 

 

View solution in original post

12 REPLIES 12

Go to solution
JanneHjorth
Tera Contributor
In response to dbehnood

‎10-26-2020 07:21 AM

Thanks for this information Dom 🙂

 

Regards, 

Janne

0 Helpfuls

Go to solution
dbehnood
Tera Expert
In response to JanneHjorth

‎10-26-2020 07:27 AM

No worries Janne. How are the Events getting inserted (webservices/https, email, snmp trap)?

0 Helpfuls

Go to solution
JanneHjorth
Tera Contributor
In response to dbehnood

‎10-26-2020 07:30 AM

The events are inserted via Webservice.

0 Helpfuls

Go to solution
patrickkenney
Kilo Expert

‎10-26-2020 07:05 AM

You can begin by reviewing the Event Rules documentation here: https://docs.servicenow.com/bundle/paris-it-operations-management/page/product/event-management/concept/create-event-rules.html

It looks like you already have an Event Rule called "Umon_missingSeverity". In this rule you can set the severity to a fixed value. If you will have events that arrive with different text in the description that indicates severity then you would need an Event Rule for each scenario.

 

1. Using the description text it states "Status is Critical". Add a line of filtering to look for a Description that contains "Status is Critical".

2. In the Transform section of this rule add a Severity value 0-5 in the Severity field.

Given the format of your description and the lack of a Severity value being passed with the event, you will need an event rule for each severity because of the need to match the text each event to determine severity.

 

 

 

Go to solution
JanneHjorth
Tera Contributor
In response to patrickkenney

‎10-26-2020 07:17 AM

Hi Patrick.

Thank you for the answer.

 

I've tried to make an Event Rule, where I set the Severity value - but it doesn't work.
In the "Transform and Compose Alert Output" I've tried to set the Severity value like this:

find_real_file.png

Is there another way??

Regards Janne

Preview file
54 KB
0 Helpfuls