- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-08-2017 09:42 PM
Hi,
I am looking at creating incidents using inbound actions on Nagios Alerts. I have done this by using the service-now email in Nagios alerts.
I am struggling with the inbound actions to make this do different actions for different types of alerts, I am looking at setting Critical Alerts to active and Warnings to resolved with all the relevant fields completed.
I have the code below for Critical / Warning Alerts:
// | Note: current.opened_by is already set to the first UserID that matches the From: email address |
current.caller_id = gs.getUserID();
current.comments = "received from: " + email.origemail + "\n\n" + email.body_text;
current.short_description = email.subject;
current.category = "Alert";
Current.State = "Resolved";
current.caller = "Nagios Alert";
current.AffectedUser = "Nagios Alert";
Current.SubCategory = "Other";
current.incident_state = 4;
current.notify = 4;
current.contact_type = "email";
if (email.body.assign != undefined)
current.assigned_to = email.body.assign; |
if(email.importance != undefined)
if (email.importance == "CRITICAL", "WARNING") | |
current.priority = 4; |
if (email.body.priority != undefined)
current.priority = email.body.priority; |
current.insert();
If someone can help with the coding this would be a great help.
Thanks.
Solved! Go to Solution.
- Labels:
-
Event Management
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-15-2017 09:05 AM
Hi Ahmed,
This is tested in my instance:
current.caller_id = gs.getUserID();
current.comments = "received from: " + email.origemail + "\n\n" + email.body_text;
current.short_description = email.subject;
if (email.subject.assign != undefined)
current.assigned_to = email.body.assign;
if (email.subject.toString().toLowerCase().indexOf('critical') > -1){
gs.log('this is a critical message'); // you can remove this line
insertCritical();
}
else if (email.subject.toString().toLowerCase().indexOf('warning') > -1 ){
gs.log('this is a warning message'); // you can remove this line
insertWarning();
}
else if (email.subject.toString().indexOf('recovered')){
current.state ="stop_processing";
}
function insertCritical() {
current.opened_by = 'default.user';
current.short_description = email.subject;// + ' from: ' + email.origemail;
current.contact_type = 'email';
current.state = 1; //new
current.assignment_group = '4c2bdb770f3e0a0030691b2be1050e38'; //some AG. Change it to suit your needs
current.description = "[Received email from: " + email.origemail + "]\n\n" + email.body_text;
current.insert();
}
function insertWarning() {
current.opened_by = 'default.user';
current.short_description = email.subject;// + ' from: ' + email.origemail;
current.contact_type = 'email';
current.state = 6; //resolved
current.assignment_group = '4c2bdb770f3e0a0030691b2be1050e38'; //some AG. Change it to suit your needs
current.description = "[Received email from: " + email.origemail + "]\n\n" + email.body_text;
current.insert();
}
In the function part - you can remove my entries and put whatever you want the incident to show.
I did not put any function under recovered. Make your own function if needed.
Harel
Please mark as correct or helpful based on impact
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-15-2017 07:15 AM
Hi,
Currently between 40-70 alerts per day.
Regards
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-15-2017 09:05 AM
Hi Ahmed,
This is tested in my instance:
current.caller_id = gs.getUserID();
current.comments = "received from: " + email.origemail + "\n\n" + email.body_text;
current.short_description = email.subject;
if (email.subject.assign != undefined)
current.assigned_to = email.body.assign;
if (email.subject.toString().toLowerCase().indexOf('critical') > -1){
gs.log('this is a critical message'); // you can remove this line
insertCritical();
}
else if (email.subject.toString().toLowerCase().indexOf('warning') > -1 ){
gs.log('this is a warning message'); // you can remove this line
insertWarning();
}
else if (email.subject.toString().indexOf('recovered')){
current.state ="stop_processing";
}
function insertCritical() {
current.opened_by = 'default.user';
current.short_description = email.subject;// + ' from: ' + email.origemail;
current.contact_type = 'email';
current.state = 1; //new
current.assignment_group = '4c2bdb770f3e0a0030691b2be1050e38'; //some AG. Change it to suit your needs
current.description = "[Received email from: " + email.origemail + "]\n\n" + email.body_text;
current.insert();
}
function insertWarning() {
current.opened_by = 'default.user';
current.short_description = email.subject;// + ' from: ' + email.origemail;
current.contact_type = 'email';
current.state = 6; //resolved
current.assignment_group = '4c2bdb770f3e0a0030691b2be1050e38'; //some AG. Change it to suit your needs
current.description = "[Received email from: " + email.origemail + "]\n\n" + email.body_text;
current.insert();
}
In the function part - you can remove my entries and put whatever you want the incident to show.
I did not put any function under recovered. Make your own function if needed.
Harel
Please mark as correct or helpful based on impact
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-16-2017 02:48 AM
Thanks Harel
This has worked in my instance aswell.
Kind Regards