- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎04-08-2017 09:42 PM
Hi,
I am looking at creating incidents using inbound actions on Nagios Alerts. I have done this by using the service-now email in Nagios alerts.
I am struggling with the inbound actions to make this do different actions for different types of alerts, I am looking at setting Critical Alerts to active and Warnings to resolved with all the relevant fields completed.
I have the code below for Critical / Warning Alerts:
// | Note: current.opened_by is already set to the first UserID that matches the From: email address |
current.caller_id = gs.getUserID();
current.comments = "received from: " + email.origemail + "\n\n" + email.body_text;
current.short_description = email.subject;
current.category = "Alert";
Current.State = "Resolved";
current.caller = "Nagios Alert";
current.AffectedUser = "Nagios Alert";
Current.SubCategory = "Other";
current.incident_state = 4;
current.notify = 4;
current.contact_type = "email";
if (email.body.assign != undefined)
current.assigned_to = email.body.assign; |
if(email.importance != undefined)
if (email.importance == "CRITICAL", "WARNING") | |
current.priority = 4; |
if (email.body.priority != undefined)
current.priority = email.body.priority; |
current.insert();
If someone can help with the coding this would be a great help.
Thanks.
Solved! Go to Solution.
- Labels:
-
Event Management
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎04-15-2017 09:05 AM
Hi Ahmed,
This is tested in my instance:
current.caller_id = gs.getUserID();
current.comments = "received from: " + email.origemail + "\n\n" + email.body_text;
current.short_description = email.subject;
if (email.subject.assign != undefined)
current.assigned_to = email.body.assign;
if (email.subject.toString().toLowerCase().indexOf('critical') > -1){
gs.log('this is a critical message'); // you can remove this line
insertCritical();
}
else if (email.subject.toString().toLowerCase().indexOf('warning') > -1 ){
gs.log('this is a warning message'); // you can remove this line
insertWarning();
}
else if (email.subject.toString().indexOf('recovered')){
current.state ="stop_processing";
}
function insertCritical() {
current.opened_by = 'default.user';
current.short_description = email.subject;// + ' from: ' + email.origemail;
current.contact_type = 'email';
current.state = 1; //new
current.assignment_group = '4c2bdb770f3e0a0030691b2be1050e38'; //some AG. Change it to suit your needs
current.description = "[Received email from: " + email.origemail + "]\n\n" + email.body_text;
current.insert();
}
function insertWarning() {
current.opened_by = 'default.user';
current.short_description = email.subject;// + ' from: ' + email.origemail;
current.contact_type = 'email';
current.state = 6; //resolved
current.assignment_group = '4c2bdb770f3e0a0030691b2be1050e38'; //some AG. Change it to suit your needs
current.description = "[Received email from: " + email.origemail + "]\n\n" + email.body_text;
current.insert();
}
In the function part - you can remove my entries and put whatever you want the incident to show.
I did not put any function under recovered. Make your own function if needed.
Harel
Please mark as correct or helpful based on impact
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎04-14-2017 01:16 PM
try adding: > -1 to the statements, as in:
if (email.subject.toString().toLowerCase().indexOf ('CRITICAL') > -1 ){
which I believe means "contains".
harel
Please mark as correct or helpful based on impact
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎04-15-2017 06:39 AM
Hi Harel,
I have used the code as explained by yourself, this is setting all the created incidents to resolved?
Thanks.
Ahmed.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎04-15-2017 08:07 AM
Even those coming in with Critical in their subject line? Can you give an example of such subject line?
For instance, I have the following in one of my inbound actions, which works:
if (email.subject.indexOf("A new hire request") == 0) { which means that this is the exact subject
By the way, can you make sure that the incident is not opened as desired and then automatically resolves with a BR or something?
harel
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎04-15-2017 08:25 AM
Yes, even the ones with Critical are autoclosing.
MSSQL Query - SQL Jobs Check is CRITICAL - that is the subject line for Critical
Drive F: Disk Usage is WARNING - that is subject line for Warning
Drive F: Disk Usage is Recovered - that is the subject line for Recovered - These should not be generating but these are still showing.
No, the auto close feature has been disabled.
Kind Regards
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎04-15-2017 07:05 AM
Hi Ahmed
You should consider using event management tool. It's not a good practice to integrate monit tool directly with ServiceNow.
How many alerts are generated per day?
PS: I don't sell any event management tools 🙂