Nagios to Service-Now - Creating alerts using inbound actions

Go to solution
ahmedhussain1
Kilo Contributor

‎04-08-2017 09:42 PM

Hi,

I am looking at creating incidents using inbound actions on Nagios Alerts. I have done this by using the service-now email in Nagios alerts.

I am struggling with the inbound actions to make this do different actions for different types of alerts, I am looking at setting Critical Alerts to active and Warnings to resolved with all the relevant fields completed.

I have the code below for Critical / Warning Alerts:

//Note: current.opened_by is already set to the first UserID that matches the From: email address

current.caller_id = gs.getUserID();

current.comments = "received from: " + email.origemail + "\n\n" + email.body_text;

current.short_description = email.subject;

current.category = "Alert";

Current.State = "Resolved";

current.caller = "Nagios Alert";

current.AffectedUser = "Nagios Alert";

Current.SubCategory = "Other";

current.incident_state = 4;

current.notify = 4;

current.contact_type = "email";

if (email.body.assign != undefined)

current.assigned_to = email.body.assign;

if(email.importance != undefined)

if (email.importance == "CRITICAL", "WARNING")
current.priority = 4;

if (email.body.priority != undefined)

current.priority = email.body.priority;

current.insert();

If someone can help with the coding this would be a great help.

Thanks.

Labels:
0 Helpfuls
  • 2,588 Views
1 ACCEPTED SOLUTION

Go to solution
oharel
Kilo Sage
In response to ahmedhussain1

‎04-15-2017 09:05 AM

Hi Ahmed,



This is tested in my instance:


current.caller_id = gs.getUserID();

current.comments = "received from: " + email.origemail + "\n\n" + email.body_text;

current.short_description = email.subject;


if (email.subject.assign != undefined)

   current.assigned_to = email.body.assign;

if (email.subject.toString().toLowerCase().indexOf('critical') > -1){

   gs.log('this is a critical message'); // you can remove this line

   insertCritical();

}

else if (email.subject.toString().toLowerCase().indexOf('warning') > -1 ){

   gs.log('this is a warning message'); // you can remove this line

   insertWarning();

}

else if (email.subject.toString().indexOf('recovered')){

   current.state ="stop_processing";

}


function insertCritical() {

   current.opened_by = 'default.user';

   current.short_description = email.subject;// + ' from: ' + email.origemail;

   current.contact_type = 'email';

   current.state = 1; //new

   current.assignment_group = '4c2bdb770f3e0a0030691b2be1050e38'; //some AG. Change it to suit your needs

   current.description = "[Received email from: " + email.origemail + "]\n\n" + email.body_text;

   current.insert();

}

function insertWarning() {

   current.opened_by = 'default.user';

   current.short_description = email.subject;// + ' from: ' + email.origemail;

   current.contact_type = 'email';

   current.state = 6; //resolved

   current.assignment_group = '4c2bdb770f3e0a0030691b2be1050e38'; //some AG. Change it to suit your needs

   current.description = "[Received email from: " + email.origemail + "]\n\n" + email.body_text;

   current.insert();

}


In the function part - you can remove my entries and put whatever you want the incident to show.


I did not put any function under recovered. Make your own function if needed.



Harel


Please mark as correct or helpful based on impact


View solution in original post

12 REPLIES 12

Go to solution
oharel
Kilo Sage
In response to ahmedhussain1

‎04-14-2017 01:16 PM

try adding: > -1   to the statements, as in:


if (email.subject.toString().toLowerCase().indexOf ('CRITICAL') > -1 ){


which I believe means "contains".



harel


Please mark as correct or helpful based on impact


0 Helpfuls

Go to solution
ahmedhussain1
Kilo Contributor
In response to oharel

‎04-15-2017 06:39 AM

Hi Harel,




I have used the code as explained by yourself, this is setting all the created incidents to resolved?




Thanks.




Ahmed.


0 Helpfuls

Go to solution
oharel
Kilo Sage
In response to ahmedhussain1

‎04-15-2017 08:07 AM

Even those coming in with Critical in their subject line? Can you give an example of such subject line?


For instance, I have the following in one of my inbound actions, which works:


if (email.subject.indexOf("A new hire request") == 0) { which means that this is the exact subject



By the way, can you make sure that the incident is not opened as desired and then automatically resolves with a BR or something?



harel


0 Helpfuls

Go to solution
ahmedhussain1
Kilo Contributor
In response to oharel

‎04-15-2017 08:25 AM

Yes, even the ones with Critical are autoclosing.




MSSQL Query - SQL Jobs Check is CRITICAL - that is the subject line for Critical




Drive F: Disk Usage is WARNING - that is subject line for Warning



Drive F: Disk Usage is Recovered - that is the subject line for Recovered - These should not be generating but these are still showing.



No, the auto close feature has been disabled.



Kind Regards


0 Helpfuls

Go to solution
ashwinkumar_pat
Giga Expert

‎04-15-2017 07:05 AM

Hi Ahmed



You should consider using event management tool. It's not a good practice to integrate monit tool directly with ServiceNow.



How many alerts are generated per day?



PS: I don't sell any event management tools 🙂


0 Helpfuls