- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎04-08-2017 09:42 PM
Hi,
I am looking at creating incidents using inbound actions on Nagios Alerts. I have done this by using the service-now email in Nagios alerts.
I am struggling with the inbound actions to make this do different actions for different types of alerts, I am looking at setting Critical Alerts to active and Warnings to resolved with all the relevant fields completed.
I have the code below for Critical / Warning Alerts:
// | Note: current.opened_by is already set to the first UserID that matches the From: email address |
current.caller_id = gs.getUserID();
current.comments = "received from: " + email.origemail + "\n\n" + email.body_text;
current.short_description = email.subject;
current.category = "Alert";
Current.State = "Resolved";
current.caller = "Nagios Alert";
current.AffectedUser = "Nagios Alert";
Current.SubCategory = "Other";
current.incident_state = 4;
current.notify = 4;
current.contact_type = "email";
if (email.body.assign != undefined)
current.assigned_to = email.body.assign; |
if(email.importance != undefined)
if (email.importance == "CRITICAL", "WARNING") | |
current.priority = 4; |
if (email.body.priority != undefined)
current.priority = email.body.priority; |
current.insert();
If someone can help with the coding this would be a great help.
Thanks.
Solved! Go to Solution.
- Labels:
-
Event Management
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎04-15-2017 09:05 AM
Hi Ahmed,
This is tested in my instance:
current.caller_id = gs.getUserID();
current.comments = "received from: " + email.origemail + "\n\n" + email.body_text;
current.short_description = email.subject;
if (email.subject.assign != undefined)
current.assigned_to = email.body.assign;
if (email.subject.toString().toLowerCase().indexOf('critical') > -1){
gs.log('this is a critical message'); // you can remove this line
insertCritical();
}
else if (email.subject.toString().toLowerCase().indexOf('warning') > -1 ){
gs.log('this is a warning message'); // you can remove this line
insertWarning();
}
else if (email.subject.toString().indexOf('recovered')){
current.state ="stop_processing";
}
function insertCritical() {
current.opened_by = 'default.user';
current.short_description = email.subject;// + ' from: ' + email.origemail;
current.contact_type = 'email';
current.state = 1; //new
current.assignment_group = '4c2bdb770f3e0a0030691b2be1050e38'; //some AG. Change it to suit your needs
current.description = "[Received email from: " + email.origemail + "]\n\n" + email.body_text;
current.insert();
}
function insertWarning() {
current.opened_by = 'default.user';
current.short_description = email.subject;// + ' from: ' + email.origemail;
current.contact_type = 'email';
current.state = 6; //resolved
current.assignment_group = '4c2bdb770f3e0a0030691b2be1050e38'; //some AG. Change it to suit your needs
current.description = "[Received email from: " + email.origemail + "]\n\n" + email.body_text;
current.insert();
}
In the function part - you can remove my entries and put whatever you want the incident to show.
I did not put any function under recovered. Make your own function if needed.
Harel
Please mark as correct or helpful based on impact
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎04-09-2017 12:13 PM
Hi Ahmed,
What is the problem? Incidents not being created or fields not being populated as desired?
A few suggestions:
1. Make sure that all of your current.something is in small letter case. For instance, Current.State should be current.state.
2. Make sure you are using the correct field names. For instance: current.caller may be current.caller_id
What do you mean by critical alerts to active and warning to resolved?
harel
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎04-09-2017 02:45 PM
Hi,
I will try as you suggested using the lower case for current.something.
The emails are being created using the Nagios alert as expected but not filling the fields.
What i mean by critical to set state as new and warning to set as resolved is as follows:
1. Critical - when an alert email from Nagios is received with the words Critical in the description to create an incident with state as new.
2. Warning - when an alert email from Nagios is received with the words Warning in the description to create an incident with state as resolved.
Hope you understant what i am trying to do.
Thanks
Ahmed
Get Outlook for Android<https://aka.ms/ghei36>
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎04-09-2017 06:55 PM
1. Critical - when an alert email from Nagios is received with the words Critical in the description to create an incident with state as new.
2. Warning - when an alert email from Nagios is received with the words Warning in the description to create an incident with state as resolved.
Not sure what you mean by 'description' when referring to an email. Regardless, something like this should work. Substitute '<subject/body>' with either 'subject' or 'body' depending on where it is you want to look:
if(email.<subject/body>.toString().toLowerCase().indexOf('critical') > -1){
current.state = 1;
}
else if(email.<subject/body>.toString().toLowerCase().indexOf('warning') > -1){
current.state = 6;
}
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎04-14-2017 07:11 AM
Hi Matthew,
I have used the code as recommended by yourself and it doesn't seem to recognise the code and generates all tickets with state as new.
Below is the code if you can provide some further assistance:
// | Note: current.opened_by is already set to the first UserID that matches the From: email address |
current.caller_id = gs.getUserID();
current.comments = "received from: " + email.origemail + "\n\n" + email.body_text;
current.short_description = email.subject;
if (email.subject.assign != undefined)
current.assigned_to = email.body.assign; |
if (email.subject.toString().toLowerCase().indexOf ('CRITICAL')){
current.state =1;
}
else if (email.subject.toString().toLowerCase().indexOf('WARNING')){
current.state =6;
}
else if (email.subject.toString().toLowerCase().indexOf('RECOVERED')){
current.state ="stop_processing";
}
The one in bold is one i have used to try and stop processing if the word recovered is in the subject.
Kind Regards
Ahmed.