Nagios to Service-Now - Creating alerts using inbound actions

Go to solution
ahmedhussain1
Kilo Contributor

‎04-08-2017 09:42 PM

Hi,

I am looking at creating incidents using inbound actions on Nagios Alerts. I have done this by using the service-now email in Nagios alerts.

I am struggling with the inbound actions to make this do different actions for different types of alerts, I am looking at setting Critical Alerts to active and Warnings to resolved with all the relevant fields completed.

I have the code below for Critical / Warning Alerts:

//Note: current.opened_by is already set to the first UserID that matches the From: email address

current.caller_id = gs.getUserID();

current.comments = "received from: " + email.origemail + "\n\n" + email.body_text;

current.short_description = email.subject;

current.category = "Alert";

Current.State = "Resolved";

current.caller = "Nagios Alert";

current.AffectedUser = "Nagios Alert";

Current.SubCategory = "Other";

current.incident_state = 4;

current.notify = 4;

current.contact_type = "email";

if (email.body.assign != undefined)

current.assigned_to = email.body.assign;

if(email.importance != undefined)

if (email.importance == "CRITICAL", "WARNING")
current.priority = 4;

if (email.body.priority != undefined)

current.priority = email.body.priority;

current.insert();

If someone can help with the coding this would be a great help.

Thanks.

Labels:
0 Helpfuls
  • 2,588 Views
1 ACCEPTED SOLUTION

Go to solution
oharel
Kilo Sage
In response to ahmedhussain1

‎04-15-2017 09:05 AM

Hi Ahmed,



This is tested in my instance:


current.caller_id = gs.getUserID();

current.comments = "received from: " + email.origemail + "\n\n" + email.body_text;

current.short_description = email.subject;


if (email.subject.assign != undefined)

   current.assigned_to = email.body.assign;

if (email.subject.toString().toLowerCase().indexOf('critical') > -1){

   gs.log('this is a critical message'); // you can remove this line

   insertCritical();

}

else if (email.subject.toString().toLowerCase().indexOf('warning') > -1 ){

   gs.log('this is a warning message'); // you can remove this line

   insertWarning();

}

else if (email.subject.toString().indexOf('recovered')){

   current.state ="stop_processing";

}


function insertCritical() {

   current.opened_by = 'default.user';

   current.short_description = email.subject;// + ' from: ' + email.origemail;

   current.contact_type = 'email';

   current.state = 1; //new

   current.assignment_group = '4c2bdb770f3e0a0030691b2be1050e38'; //some AG. Change it to suit your needs

   current.description = "[Received email from: " + email.origemail + "]\n\n" + email.body_text;

   current.insert();

}

function insertWarning() {

   current.opened_by = 'default.user';

   current.short_description = email.subject;// + ' from: ' + email.origemail;

   current.contact_type = 'email';

   current.state = 6; //resolved

   current.assignment_group = '4c2bdb770f3e0a0030691b2be1050e38'; //some AG. Change it to suit your needs

   current.description = "[Received email from: " + email.origemail + "]\n\n" + email.body_text;

   current.insert();

}


In the function part - you can remove my entries and put whatever you want the incident to show.


I did not put any function under recovered. Make your own function if needed.



Harel


Please mark as correct or helpful based on impact


View solution in original post

12 REPLIES 12

Go to solution
ahmedhussain1
Kilo Contributor
In response to ashwinkumar_pat

‎04-15-2017 07:15 AM

Hi,




Currently between 40-70 alerts per day.




Regards


0 Helpfuls

Go to solution
oharel
Kilo Sage
In response to ahmedhussain1

‎04-15-2017 09:05 AM

Hi Ahmed,



This is tested in my instance:


current.caller_id = gs.getUserID();

current.comments = "received from: " + email.origemail + "\n\n" + email.body_text;

current.short_description = email.subject;


if (email.subject.assign != undefined)

   current.assigned_to = email.body.assign;

if (email.subject.toString().toLowerCase().indexOf('critical') > -1){

   gs.log('this is a critical message'); // you can remove this line

   insertCritical();

}

else if (email.subject.toString().toLowerCase().indexOf('warning') > -1 ){

   gs.log('this is a warning message'); // you can remove this line

   insertWarning();

}

else if (email.subject.toString().indexOf('recovered')){

   current.state ="stop_processing";

}


function insertCritical() {

   current.opened_by = 'default.user';

   current.short_description = email.subject;// + ' from: ' + email.origemail;

   current.contact_type = 'email';

   current.state = 1; //new

   current.assignment_group = '4c2bdb770f3e0a0030691b2be1050e38'; //some AG. Change it to suit your needs

   current.description = "[Received email from: " + email.origemail + "]\n\n" + email.body_text;

   current.insert();

}

function insertWarning() {

   current.opened_by = 'default.user';

   current.short_description = email.subject;// + ' from: ' + email.origemail;

   current.contact_type = 'email';

   current.state = 6; //resolved

   current.assignment_group = '4c2bdb770f3e0a0030691b2be1050e38'; //some AG. Change it to suit your needs

   current.description = "[Received email from: " + email.origemail + "]\n\n" + email.body_text;

   current.insert();

}


In the function part - you can remove my entries and put whatever you want the incident to show.


I did not put any function under recovered. Make your own function if needed.



Harel


Please mark as correct or helpful based on impact


Go to solution
ahmedhussain1
Kilo Contributor
In response to oharel

‎04-16-2017 02:48 AM

Thanks Harel



This has worked in my instance aswell.



Kind Regards


0 Helpfuls