Event management - finding CIs

kuligof

I'm interested in knowing more about the new Event management feature in Eureka.

For the Monitoring system - the one that is sending Alert messages to Svc Now - what data must it send to Svc Now so that it can recognize what Configuration Item the Alert is related to? That is, what data field(s) on the CI in the CMDB must be common to the Monitoring system?


sherard

Frank,



Not sure if I understood your question properly but...



I believe this has a couple of factors to consider. The two questions that come to mind first are: what CI class are you referring to, and what event info is being passed from the monitored object? Depending on what was used to populate the CMDB could also be a factor, but to keep things simple let's say you are looking for computer CIs that have a monitored event that gets sent to ServiceNow.



Typically the Node field in the ServiceNow Alert would be the closest matched value to what would be referenced to a CI. But don't forget that the Alert form already exposes the CI reference field. So, the Node field can really be anything, as you can create any monitored event information to match against that CI field with some rule building.



If you are wanting a bit more flexibility in doing things such as event/alert manipulation... take a look at the Operations solution at www.evanios.com as well and that might provide some additional offerings for you.



--Sherard


Sherard,


Apparently I don't quite understand Event Mgmt well enough, and apparently it's not as straightforward as described in the Svc Now sales webinar.



If someone comes to me, as a Svc Now Admin, and asks me if their monitoring tool can send alerts to Svc Now, I guess I can give the ubiquitous salesperson answer of 'yes, of course'. But I will really have no idea because I don't know what piece, or pieces, of information that Svc Now and the alerting tool need to have in common in order for the alert to be tied to a specific CI.


Well, hopefully I can help you here!!



So, according to the wiki page "Integrating External Events with Event Management - ServiceNow Wiki", the ServiceNow Event Management solution shows 2 "preferred" methods of integrating to the ServiceNow Events table em_event. This would be integrating using a REST API or having the monitoring tool have the ability to execute a Python script to pass the event information.



So, the monitoring tool or source would need to have web services protocols to use REST. Or the monitoring tool would execute script actions via CMD line or within the tool's functionality.



There are many other methods to integrate sources/monitoring tools with ServiceNow but, according to ServiceNow, the ones in the wiki link posted are the ones they want you to use, I guess, to integrate with the ServiceNow Event Management application. Meaning other integration methods would need to be created manually or would be custom integrations created for the purpose of integrating those events.



There are many other protocols the monitoring tools/sources might be able to use. They can send events via SNMP, log file parsing, TCP/UDP connections, web services, and cmd line executions; these are just the main ones. Evanios has made it easy to make all these integrations possible. Check it out on their website, www.evanios.com. They already have pre-packaged integrations for many leading monitoring tools. They even have their own monitoring solution made on ServiceNow.


Thanks for your help Sherard. Reading that Wiki page, I still don't know what 'Node' is supposed to be - the Name of the CI, the IP Address, the Serial Number, any of these, or something else?


Nonetheless, it appears this is something that will take quite a bit of development, and it's good to know that Evanios can help when we are ready to take on an event alerting project.


Ahhhh.....I think I see where the trouble is. I believe it is just the terminology.



So, "Node" in ServiceNow Event Management is what we (Evanios) call the monitored object. Node is kinda misleading... In our stuff we call it the "ObjectName". But yes, this value would be the primary value/name of the event information coming from the monitored source tool.



For example, if it was a "Host Unavailable" event coming from SCOM tool, you would want the Node field value to represent the hostname/servername.



or if it was a "Router Down" event coming from Solarwinds tool, you would want the Node field value to represent the router/device name.



or if it was an "Oracle Database down" event coming from an Oracle application log, you would want the Node field value to represent the Oracle database name.



In our Evanios process, we call this event Normalization. Sometimes this event data can be anywhere within the monitored tool's event stream. And it would need to be mapped or Normalized to have some Common Event Format structure in the Event Management solution. In ServiceNow Event Management, the Node field would map (Normalize) against a particular monitored tool's event stream depending on what type of event it is.



I hope I didn't confuse you more. But I hope that helped a bit.
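
The normalization described in the reply above, as an added example that is not part of the original thread and is not Evanios or ServiceNow code: each source tool keeps the monitored object's name in a different field, and the normalizer copies it into a common `node` value that is then matched to a CI name. The raw field names (`ComputerName`, `DeviceCaption`, `db_name`), the output keys, the CMDB contents and the matching rule are all assumptions constructed for illustration.

```python
# Added example: normalize source-specific events so "node" carries the
# monitored object's name, then bind the event to a CI by that name.
# Every field name and sample payload here is constructed, not a real schema.

# Per (source tool, event type): which raw field holds the monitored object.
NODE_FIELD = {
    ("SCOM", "Host Unavailable"): "ComputerName",
    ("SolarWinds", "Router Down"): "DeviceCaption",
    ("OracleLog", "Oracle Database down"): "db_name",
}

# Constructed stand-in for the CMDB: lower-cased CI name -> CI identifier.
CMDB = {"web01": "ci-0001", "edge-rtr-7": "ci-0002", "orcl_prod": "ci-0003"}

# Constructed sample events as each tool might emit them.
SAMPLES = [
    {"source": "SCOM", "type": "Host Unavailable", "ComputerName": "WEB01.corp.example"},
    {"source": "SolarWinds", "type": "Router Down", "DeviceCaption": "edge-rtr-7"},
    {"source": "OracleLog", "type": "Oracle Database down", "db_name": "ORCL_PROD"},
    {"source": "SCOM", "type": "Disk Full", "ComputerName": "web01"},  # no mapping rule
]


def normalize(raw):
    """Return a common-format event; node is None when no rule or value exists."""
    key = (raw.get("source"), raw.get("type"))
    field = NODE_FIELD.get(key)
    value = (raw.get(field) or "").strip() if field else ""
    return {"source": key[0], "type": key[1], "node": value or None}


def bind_ci(event, cmdb=CMDB):
    """Match node to a CI name: full name first, then the short hostname."""
    node = event["node"]
    if not node:
        return None  # unbound alert: nothing common with the CMDB
    name = node.lower()
    return cmdb.get(name) or cmdb.get(name.split(".")[0])


def run(samples=SAMPLES):
    """Return (node, ci) pairs for each sample event."""
    events = [normalize(r) for r in samples]
    return [(e["node"], bind_ci(e)) for e in events]


if __name__ == "__main__":
    for node, ci in run():
        print(f"node={node!r:24} ci={ci}")
```

The last sample has a hostname in its payload but no mapping rule for its event type, so it stays unbound; events like that are the ones to review when alerts arrive without a CI.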