Nagios to Service-Now - Creating alerts using inbound actions

ahmedhussain1
Kilo Contributor

Hi,

I am looking at creating incidents using inbound actions on Nagios Alerts. I have done this by using the service-now email in Nagios alerts.

I am struggling with the inbound actions to make this do different actions for different types of alerts. I am looking at setting Critical Alerts to active and Warnings to resolved with all the relevant fields completed.

I have the code below for Critical / Warning Alerts:

//Note: current.opened_by is already set to the first UserID that matches the From: email address
current.caller_id = gs.getUserID();
current.comments = "received from: " + email.origemail + "\n\n" + email.body_text;
current.short_description = email.subject;
current.category = "Alert";
Current.State = "Resolved";
current.caller = "Nagios Alert";
current.AffectedUser = "Nagios Alert";
Current.SubCategory = "Other";
current.incident_state = 4;
current.notify = 4;
current.contact_type = "email";

if (email.body.assign != undefined)
  current.assigned_to = email.body.assign;

if(email.importance != undefined)
  if (email.importance == "CRITICAL", "WARNING")
    current.priority = 4;

if (email.body.priority != undefined)
  current.priority = email.body.priority;

current.insert();

If someone can help with the coding this would be a great help.

Thanks.

1 ACCEPTED SOLUTION

Hi Ahmed,



This is tested in my instance:


current.caller_id = gs.getUserID();
current.comments = "received from: " + email.origemail + "\n\n" + email.body_text;
current.short_description = email.subject;

// email.body.assign comes from an "assign:" line in the mail body;
// email.subject is a plain string and has no assign property
if (email.body.assign != undefined)
  current.assigned_to = email.body.assign;

if (email.subject.toString().toLowerCase().indexOf('critical') > -1){
  gs.log('this is a critical message'); // you can remove this line
  insertCritical();
}
else if (email.subject.toString().toLowerCase().indexOf('warning') > -1 ){
  gs.log('this is a warning message'); // you can remove this line
  insertWarning();
}
// indexOf() returns -1 (truthy) when the word is absent, so compare with > -1
else if (email.subject.toString().toLowerCase().indexOf('recovered') > -1){
  // event.state, not current.state, stops further inbound actions for this email
  event.state = "stop_processing";
}

function insertCritical() {
  current.opened_by = 'default.user';
  current.short_description = email.subject;// + ' from: ' + email.origemail;
  current.contact_type = 'email';
  current.state = 1; //new
  current.assignment_group = '4c2bdb770f3e0a0030691b2be1050e38'; //some AG. Change it to suit your needs
  current.description = "[Received email from: " + email.origemail + "]\n\n" + email.body_text;
  current.insert();
}

function insertWarning() {
  current.opened_by = 'default.user';
  current.short_description = email.subject;// + ' from: ' + email.origemail;
  current.contact_type = 'email';
  current.state = 6; //resolved
  current.assignment_group = '4c2bdb770f3e0a0030691b2be1050e38'; //some AG. Change it to suit your needs
  current.description = "[Received email from: " + email.origemail + "]\n\n" + email.body_text;
  current.insert();
}



In the function part - you can remove my entries and put whatever you want the incident to show.


I did not put any function under recovered. Make your own function if needed.



Harel


Please mark as correct or helpful based on impact



12 REPLIES

oharel
Kilo Sage

Hi Ahmed,



What is the problem? Incidents not being created or fields not being populated as desired?


A few suggestions:


1. Make sure that all of your current.something is in small letter case. For instance, Current.State should be current.state.


2. Make sure you are using the correct field names. For instance: current.caller may be current.caller_id



What do you mean by critical alerts to active and warning to resolved?


harel


Hi,



I will try as you suggested using the lower case for current.something.



The emails are being created using the Nagios alert as expected but not filling the fields.



What I mean by critical to set state as new and warning to set as resolved is as follows:



1. Critical - when an alert email from Nagios is received with the words Critical in the description to create an incident with state as new.



2. Warning - when an alert email from Nagios is received with the words Warning in the description to create an incident with state as resolved.



Hope you understand what I am trying to do.



Thanks



Ahmed





1. Critical - when an alert email from Nagios is received with the words Critical in the description to create an incident with state as new.



2. Warning - when an alert email from Nagios is received with the words Warning in the description to create an incident with state as resolved.




Not sure what you mean by 'description' when referring to an email. Regardless, something like this should work. Substitute '<subject/body>' with either 'subject' or 'body' depending on where it is you want to look:



if(email.<subject/body>.toString().toLowerCase().indexOf('critical') > -1){
  current.state = 1;
}
else if(email.<subject/body>.toString().toLowerCase().indexOf('warning') > -1){
  current.state = 6;
}


Hi Matthew,



I have used the code as recommended by yourself and it doesn't seem to recognise the code and generates all tickets with state as new.



Below is the code if you can provide some further assistance:



//Note: current.opened_by is already set to the first UserID that matches the From: email address
current.caller_id = gs.getUserID();
current.comments = "received from: " + email.origemail + "\n\n" + email.body_text;
current.short_description = email.subject;

if (email.subject.assign != undefined)
  current.assigned_to = email.body.assign;

if (email.subject.toString().toLowerCase().indexOf ('CRITICAL')){
  current.state =1;
}
else if (email.subject.toString().toLowerCase().indexOf('WARNING')){
  current.state =6;
}
else if (email.subject.toString().toLowerCase().indexOf('RECOVERED')){
  current.state ="stop_processing";
}



The one in bold is the one I have used to try and stop processing if the word recovered is in the subject.



Kind Regards



Ahmed.
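
Why the script in the post above gives every incident the state new, as an added example (plain JavaScript runnable in Node, not code from any poster in this thread). The function names and the sample subjects are constructed for illustration; the state values 1 and 6 are the ones used in the thread.

```javascript
// Constructed sample subjects; real Nagios subjects depend on the notification command.
var SAMPLES = [
  'CRITICAL - web01 HTTP is down',
  'WARNING - db02 disk at 85%',
  'recovered - web01 HTTP is up',
  'Weekly report'
];

// Pattern from the post above: the result of indexOf() is used as a boolean,
// and an upper-case needle is searched in a lower-cased string.
// indexOf() returns -1 on "not found", and -1 is truthy, so the first
// branch is taken for every subject.
function stateBroken(subject) {
  var s = String(subject).toLowerCase();
  if (s.indexOf('CRITICAL')) return 1;
  else if (s.indexOf('WARNING')) return 6;
  else if (s.indexOf('RECOVERED')) return 'stop_processing';
  return null;
}

// Explicit comparison against -1, lower-case needles, first match wins.
var RULES = [
  ['critical', 1],                  // 1 = new
  ['warning', 6],                   // 6 = resolved
  ['recovered', 'stop_processing']  // no incident wanted
];

function stateFixed(subject) {
  var s = String(subject || '').toLowerCase();
  for (var i = 0; i < RULES.length; i++) {
    if (s.indexOf(RULES[i][0]) > -1) return RULES[i][1];
  }
  return null; // unmatched mail: the caller decides what to do with it
}

// Side-by-side result for each sample subject.
function compare() {
  return SAMPLES.map(function (subj) {
    return { subject: subj, broken: stateBroken(subj), fixed: stateFixed(subj) };
  });
}

console.log(compare());
```

A keyword at the very start of the subject is the other case the truthiness test gets wrong: indexOf() returns 0 there, which is falsy, so only the `> -1` comparison handles it.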