
Step by step walk through on converting SNMP trap to a ServiceNOW incident?

dan_tembe
Tera Contributor

Hello ServiceNOW Community.

New here to ServiceNOW, but I have long-time tools exposure around HPOV, Netcool, NNMi, etc. as a dev ops engineer.

I am working with a development instance of ServiceNOW where I want to integrate various diverse tools and endpoints into ServiceNOW via SNMP traps.

I know there are commercial tools that allow us to do this, but I want to research how easy or hard it is to do this with just the ServiceNOW events management dashboard. I already have tools that can perform monitoring, and want to leverage ServiceNOW event management functionality to create incidents. Getting the Traps and JSON feeds using MID server into the central ServiceNOW was very straightforward. I am stuck beyond that, getting the event mapped properly to an incident.  

For now here is where I am at -

I have a dev. instance of ServiceNOW operational. I asked for and have the Events Management module functions available & enabled.

I have set up a MID server in my lab environment, which is successfully receiving SNMP Traps and forwarding them to the ServiceNOW Development instance assigned to me. I have confirmed this by checking the ServiceNOW events table (em_event). I can see the traps in the raw (?) format in the table or under the all events screen. Getting from here to turning one of the traps into an event is where I need help.

I am having a hard time understanding how to map the event into a ServiceNOW incident using a rule. I see the trap gets forwarded and all the varbinds from the trap are getting up to the ServiceNOW event.

I was wondering if there is a cheat sheet or a video or a document that shows how to map a trap or event into proper severity, fields and move it into incident management. I read the wiki and all items that came up in search, but I am still confused. I feel that if I can do one and get it mapped from event to incident, then I can replicate the same process for the few others that I need to do the same for.

Thanks in advance for your insight / help / support.

Dan

PS - for testing purposes I am sending test SNMP traps from PRTG to ServiceNOW via MID server. I have attached some screens if that helps clarify my ask.

1 ACCEPTED SOLUTION

Hi Dan,



Here's the PRTG event integration guide I prepared not long ago. The most challenging part of the integration is obtaining curl.exe - the version in the guide may no longer be available so you may need to try others from the web site.



If this is useful be sure to mark this response as helpful and a correct answer.


11 REPLIES

Hi Tony/Dan,



If curl.exe is tricky to get hold of, deploy and use, PowerShell might be more convenient?



I did make a post here, which shows how to generate PowerShell instead of curl.


Powershell command to update cmdb_ci_win_server table's record using API.


Python, Ruby and Perl could also be used in a similar way.



If the reply was informational, please like, mark as helpful or mark as correct!


Hitoshi Ozawa
Giga Sage

For your reference: now in 2020, the setup steps to integrate PRTG with ServiceNow are much, much easier. On the PRTG side, there's no curl installation nor any other setup besides creating a user for ServiceNow.

https://docs.servicenow.com/bundle/orlando-it-operations-management/page/product/event-management/ta...