Nagios to Service-Now - Creating alerts using inbound actions

ahmedhussain1
Kilo Contributor

Hi,

I am looking at creating incidents using inbound actions on Nagios Alerts. I have done this by using the service-now email in Nagios alerts.

I am struggling with the inbound actions to make this do different actions for different types of alerts. I am looking at setting Critical Alerts to active and Warnings to resolved with all the relevant fields completed.

I have the code below for Critical / Warning Alerts:

//Note: current.opened_by is already set to the first UserID that matches the From: email address
current.caller_id = gs.getUserID();
current.comments = "received from: " + email.origemail + "\n\n" + email.body_text;
current.short_description = email.subject;
current.category = "Alert";
Current.State = "Resolved";
current.caller = "Nagios Alert";
current.AffectedUser = "Nagios Alert";
Current.SubCategory = "Other";
current.incident_state = 4;
current.notify = 4;
current.contact_type = "email";

if (email.body.assign != undefined)
  current.assigned_to = email.body.assign;

if (email.importance != undefined)
  if (email.importance == "CRITICAL", "WARNING")
    current.priority = 4;

if (email.body.priority != undefined)
  current.priority = email.body.priority;

current.insert();

If someone can help with the coding this would be a great help.

Thanks.

1 ACCEPTED SOLUTION

Hi Ahmed,



This is tested in my instance:


current.caller_id = gs.getUserID();
current.comments = "received from: " + email.origemail + "\n\n" + email.body_text;
current.short_description = email.subject;

// Optional "assign:" name/value pair parsed from the email body
if (email.body.assign != undefined)
  current.assigned_to = email.body.assign;

// Lower-case the subject once so every keyword check is case-insensitive
var subject = email.subject.toString().toLowerCase();

if (subject.indexOf('critical') > -1) {
  gs.log('this is a critical message'); // you can remove this line
  insertCritical();
}
else if (subject.indexOf('warning') > -1) {
  gs.log('this is a warning message'); // you can remove this line
  insertWarning();
}
else if (subject.indexOf('recovered') > -1) {
  // indexOf() returns -1 (truthy) when the word is absent, so compare explicitly.
  // Setting event.state stops any later inbound action from processing this email.
  event.state = "stop_processing";
}

// Critical alert: create the incident in state New
function insertCritical() {
  current.opened_by = 'default.user';
  current.short_description = email.subject;// + ' from: ' + email.origemail;
  current.contact_type = 'email';
  current.state = 1; //new
  current.assignment_group = '4c2bdb770f3e0a0030691b2be1050e38'; //some AG. Change it to suit your needs
  current.description = "[Received email from: " + email.origemail + "]\n\n" + email.body_text;
  current.insert();
}

// Warning alert: create the incident already in state Resolved
function insertWarning() {
  current.opened_by = 'default.user';
  current.short_description = email.subject;// + ' from: ' + email.origemail;
  current.contact_type = 'email';
  current.state = 6; //resolved
  current.assignment_group = '4c2bdb770f3e0a0030691b2be1050e38'; //some AG. Change it to suit your needs
  current.description = "[Received email from: " + email.origemail + "]\n\n" + email.body_text;
  current.insert();
}



In the function part - you can remove my entries and put whatever you want the incident to show.


I did not put any function under recovered. Make your own function if needed.



Harel


Please mark as correct or helpful based on impact
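
The subject-based routing from the accepted answer, as an added example that is not part of the original post or the poster's tested script: it pulls the decision into one function that can be tested outside the instance and only acts on mail from an allow-listed sender, since anyone able to mail the instance address could otherwise open or resolve incidents. The names planIncident, ALLOWED_SENDERS and RULES are hypothetical, the sender address is constructed, and checking 'recovered' first (so a recovery notice that also mentions CRITICAL does not open an incident) is a choice made here, not the answer's order.

```javascript
// Added example: plain ES5, so it runs in Node and in a server-side script.
// ALLOWED_SENDERS is an assumption; the address below is constructed.
var ALLOWED_SENDERS = ['nagios@monitoring.example'];

// Incident state values are the ones used in the answer: 1 = new, 6 = resolved.
// Rules are evaluated top to bottom; 'recovered' comes first on purpose.
var RULES = [
  { keyword: 'recovered', action: 'stop',   state: null },
  { keyword: 'critical',  action: 'insert', state: 1 },
  { keyword: 'warning',   action: 'insert', state: 6 }
];

function planIncident(email, allowedSenders) {
  // Normalise the sender before comparing; an exact match is required.
  var sender = String(email.origemail || '').trim().toLowerCase();
  if (allowedSenders.indexOf(sender) === -1) {
    return { action: 'ignore', state: null, reason: 'sender not allow-listed' };
  }
  var subject = String(email.subject || '').toLowerCase();
  for (var i = 0; i < RULES.length; i++) {
    // Whole-word match, so "noncritical" does not count as "critical".
    var re = new RegExp('\\b' + RULES[i].keyword + '\\b');
    if (re.test(subject)) {
      return { action: RULES[i].action, state: RULES[i].state, reason: RULES[i].keyword };
    }
  }
  return { action: 'ignore', state: null, reason: 'no severity keyword' };
}
```

In an inbound action the returned plan would drive the insertCritical / insertWarning branches. The From address of an email can be forged, so the allow-list is a first filter rather than proof of origin.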



12 REPLIES

Hi,




Currently between 40-70 alerts per day.




Regards


Thanks Harel



This has worked in my instance as well.



Kind Regards