Incidents creating multiple times for same Issue

Manu22 · ‎01-26-2019

Hi,

I've a query related to Incident creation in my developer instance of service now, currently I'm sending SolarWinds alerts to ServiceNow through my instance (dev54201@service-now.com) email id, but here I observed that incidents are creating multiple times of same issue with different INC number.

We want this type of solution as given below -

Currently, when a solarwinds feed goes down, a message is sent to a shared email address to notify support that a feed has gone down (team gets a “Down” email). Someone on our support team reviews the message and will submit a GDS support ticket if the feed does not come back up (i.e. receives a follow-up “Up” email) within 15 minutes. We want a script that automates this process.

Additionally, users that receive these message are currently getting spammed with device Up/Down emails. If a ticket has been submitted for a device outage, we want the system to add any follow-up emails for the same device received within the next 12 hours to be added as comments in the ticket, instead of creating a new ticket. If no follow-up emails are sent for the same device after 12 hours, then a new ticket should be created.

Functional Requirements

Automatically create a Device Down ticket after Device Down email is received and a Device Up email for the same device is not received within 15 minutes of the Device Down email
Instead of creating a new ticket for every Device Up/Down email, the system should add any follow up Up/Down emails received for the same device as a comment if the follow-up email is received within 12 hours of the previous email.

I've tried to define Business rules, but no luck, can your team help or give solutions to get resolved this issue. If you have javascript code for the above given issue please provide us so that we can test it in action tab in the business rule.

Or if you have any other solution please provide us the steps.

Thanks

Manu.

Munender Singh · ‎01-29-2019

Hi,

You would neet to set up the inbound actions to achieve this,I can not provide the code but can outline the process and steps,if you need help with code we can do that one by one,

1.Create an inbound to catch the emails coming from 'solarwind id' and put a condition if the email.origemail.indexOf('solarwind@example.com')>-1,then write a code to create the incident and copy the subject as the short desc of incident and the body of email as the description of incident and hardcode the assignment group.

2.Now,as the alerts are getting generated from solarwind,so consult the Solarwind admin,if there is a GUID(some unique id) associated with those alerts the,ask him to make it a part of incoming email.Then,create a field on incidnet to capture the unique alert id on incident form.You can keep it hidden.This is to check the uniqueness of alerts.

3.Now,run a condition on the inbound action,for these 3 condns:

3.1.That if the GUID of incoming alert is same as that present in our incident database and our incident is in open state,just copy the body of alert into comments

3.2If the GUID is different then,just create a new incident

3.3 If the GUID of incoming email matches but ,incident is in closed state then,create a new.

3.4 If the alert body and subject are same that of incident present in our database then,just copy that into the comments

Note:We have achieved same for SCOM alert management in servicenow.

Regards,

Munender

View solution in original post

Munender Singh · ‎01-29-2019

Hi,

You would neet to set up the inbound actions to achieve this,I can not provide the code but can outline the process and steps,if you need help with code we can do that one by one,

1.Create an inbound to catch the emails coming from 'solarwind id' and put a condition if the email.origemail.indexOf('solarwind@example.com')>-1,then write a code to create the incident and copy the subject as the short desc of incident and the body of email as the description of incident and hardcode the assignment group.

2.Now,as the alerts are getting generated from solarwind,so consult the Solarwind admin,if there is a GUID(some unique id) associated with those alerts the,ask him to make it a part of incoming email.Then,create a field on incidnet to capture the unique alert id on incident form.You can keep it hidden.This is to check the uniqueness of alerts.

3.Now,run a condition on the inbound action,for these 3 condns:

3.1.That if the GUID of incoming alert is same as that present in our incident database and our incident is in open state,just copy the body of alert into comments

3.2If the GUID is different then,just create a new incident

3.3 If the GUID of incoming email matches but ,incident is in closed state then,create a new.

3.4 If the alert body and subject are same that of incident present in our database then,just copy that into the comments

Note:We have achieved same for SCOM alert management in servicenow.

Regards,

Munender

Manu22 · ‎01-30-2019

Hi Munender,

Excellent ,This what we were looking for, we are very much thankful for your reply.

Actually I'm new to service now so the steps you suggested I can follow but still I'm not as expert as you guys has achieved.

Can I you step up those settings in my personal service now instance, I'll provide my credential to you, then you can create inbound action and put the code there.

After this you just tell me in which field I require changes so that we will do it according to our settings.

Please suggest.

Once again many thanks for your help.

Thanks,

Manu.

Munender Singh · ‎01-31-2019

Hi Manu,

I am okay to help you in setting up this on your personal instance,but would be available on this weekend,please contact me on my emailid-munender1991@gmail.com.As I am not checking community much and can share ur credentials on my emailid.

Regards,

Munender

Manu22 · ‎01-31-2019

Hi Munender,

Thank you, I've shared my instance details to your mail ID.

Please check the same.

Thanks,

Manu.