Automatically create the incident ticket when the event is generated in Event table(em_table)

sandeep_gadge
Kilo Explorer

Hi,

I want to create an incident ticket automatically when there is a new record entry in the event table (em_event).

I have used the event collection via cURL shell script to detect tomcat service stop event as below.

https://docs.servicenow.com/bundle/geneva-it-operations-management/page/product/event_management/task/t_EMSendEventStream.html

When Tomcat stops, this shell script runs and creates the event ticket, i.e. an entry in the em_event table.

I want to create the incident ticket, as soon as the event ticket gets generated.

One way is to create a business rule on the em_event table after insert, but it degrades the performance.

Can we do this via jobs? How?

How to solve this? Please provide other solution options.

Thanks in advance!!!

1 ACCEPTED SOLUTION

Hello

I'm sorry. I mixed up my answer with another question 😞

When you insert the event in the em_event table you must set a value for some fields. One field is "source". If you set source = 'something' you can create an alert rule with the same condition to create an alert when an event with source = 'something' is generated.

The alert rule must have the source = 'something' to fire. In the alert rule, an option is to auto-open an incident. An additional option is to use an incident template.

You can use other fields in the em_event and em_alert to "match".

I hope my answer has been useful

Ariel

PS: Please mark my answer correct or helpful if I have helped you. Thanks
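
The event side of the answer above, as an added example that is not part of the original thread or ServiceNow's own code: a sender that always sets `source` to one fixed value, so the alert rule's condition has something stable to match. The source value `tomcat-monitor`, the variables `SN_INSTANCE` and `SN_NETRC`, and the endpoint path are assumptions; check the path against your instance's release documentation.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed names: SN_INSTANCE, SN_NETRC,
# the source value "tomcat-monitor", and the endpoint path in send_event.

# Escape a value for use inside a JSON string: newlines become spaces,
# then backslashes and double quotes are backslash-escaped.
json_escape() {
  printf '%s' "$1" | tr '\n' ' ' | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g'
}

# Build the request body for one em_event record.
# Arguments: source node type severity description
build_event() {
  printf '{"records":[{"source":"%s","node":"%s","type":"%s","severity":"%s","description":"%s"}]}' \
    "$(json_escape "$1")" "$(json_escape "$2")" "$(json_escape "$3")" \
    "$(json_escape "$4")" "$(json_escape "$5")"
}

# POST the event. Credentials come from a netrc file (chmod 600) so they do
# not appear in the script or in the process list.
send_event() {
  : "${SN_INSTANCE:?set SN_INSTANCE, e.g. example.service-now.com}"
  : "${SN_NETRC:?set SN_NETRC to a netrc file for the event user}"
  build_event "$@" | curl --fail --silent --show-error \
    --netrc-file "$SN_NETRC" \
    -H 'Content-Type: application/json' \
    --data-binary @- \
    "https://${SN_INSTANCE}/api/global/em/jsonv2"   # assumed endpoint path
}

# Called from the Tomcat stop hook (constructed sample values):
# send_event 'tomcat-monitor' "$(hostname)" 'Service Stopped' 1 'Tomcat service stopped'
```

The alert rule condition then needs only source = 'tomcat-monitor', and the account in the netrc file should be a dedicated integration user limited to inserting events.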


4 REPLIES 4

Rohit Kaintura
Mega Guru

You can use script actions to create server-side scripts that perform a variety of tasks, such as modifying a configuration item (CI), or managing failed login attempts. Script actions are triggered by events only.

In this way, you can create an incident as well.

arielgritti
Mega Sage

Hello

You must create an event rule and an alert rule.

The event rule to handle the event in the em_event table for "Tomcat" and the alert rule to automatically open an incident for that event (you can use an incident template in the alert rule).

In my case, an example for you:

I have this alert rule to create an incident and assign a KB with these conditions:

[screenshot: alert rule]

The "incident template" is like this:

[screenshot: incident template]

I hope my answer has been useful

Ariel

PS: Please mark my answer correct or helpful if I have helped you. Thanks

Thanks for your reply !!!

I think these rules are created in event management guided setup?

I am not getting how and where this alert action rule will get mapped to the generated event. The incident template is just a format for creating a record in the incident table.

Can you please provide me the link?
