Lewis_Beard
Professor
2 months ago
Solved

Alert Severity in LM vs Priority in ServiceNow

I know that LogicMonitor deals with Alert Severity. In ServiceNow, Incidents also have the concept of Priority. I'm wondering, does LogicMonitor have an equivalent of Priority that can be leveraged in the product innately? I am not referring to Alert Rules and Priority, I mean SNOW's P1, P2, P3, P4 style of concept, used in Incidents.

I don't see anything right off in the product, and I've been using it for a few years, but sometimes I miss features in the busy day-to-day. I'm not even sure I have a business need. But we do send some alerts from LM to SNOW and I wanted to make sure there isn't some other "Priority" metric or equivalent? Occasionally I get asked about it.

Thanks!

3 Replies

  • emcgowan
    Product Manager

    Hi Lewis_Beard - You're not missing anything; LogicMonitor Alert Severity is the best option based on our supported data.

    You could try customizing the LogicMonitor ServiceNow Integration payload to pass along Impact and Urgency values, and then use an SN Transform Map or business rule to map that to Priority, but that wouldn't be officially supported.

    • Lewis_Beard
      Professor

      But Impact and Urgency would still be something custom; I don't recognize those as things I see in association with alerts either. :) But sounds good ... I figured it would be something we would have to choose to implement manually in LM. Thanks!

      • Dave_Lee
        Advisor

        I thought I might offer my real-world experience of using this...

        This might just be our instance of ServiceNow, but our ServiceNow expects us to pass values for Impact and Severity (or it might be Urgency; we pass both to ServiceNow), and it calculates the Priority based on a mapping table of Impact vs Severity.

        From our payload config:

            "severity": "##servicenow.severity##",
            "urgency": "##servicenow.severity##",
            "impact": "##servicenow.impact##",

        The servicenow.severity isn't actually a device property; LogicMonitor sets that to a value that relates to the level of the alert (critical=1, error=2, warn=3). We pass that as both severity and urgency in our payloads to ServiceNow. I'm not actually sure which it uses - I imagine one of them isn't actually used.

        servicenow.impact is a value that we set on devices. We set it to 2 at the root of our LogicMonitor instance, so it's inherited by all devices. If we decided that one device (or a group) were not as important, we set the property servicenow.impact=3 at that device (or group), likely we set it to 1 for devices that are critical.

        So the Priority that ServiceNow assigns to the incident at creation is controlled by ServiceNow, but it takes into account the alert severity and the impact value (which we can change to influence the Priority).

        I don't think we customised the ServiceNow side of the integration to handle the "impact" field, so if you're not sending it I guess it's defaulting to something.
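
Added example (not part of any post in this thread, and not LogicMonitor or ServiceNow code): a small Python model for checking which Priority an alert should end up with under the setup described above, given the alert level and where `servicenow.impact` is set in the device/group hierarchy. The function names and sample devices are hypothetical, and `PRIORITY_MATRIX` is assumed to be the commonly documented default ServiceNow impact/urgency lookup; compare it with your own instance's priority lookup rules before relying on it.

```python
# Values LogicMonitor substitutes for ##servicenow.severity## (from the thread).
LM_LEVEL_TO_SEVERITY = {"critical": 1, "error": 2, "warn": 3}

# (impact, urgency) -> priority. ASSUMPTION: commonly documented default
# ServiceNow lookup; a customised instance may use different values.
PRIORITY_MATRIX = {
    (1, 1): 1, (1, 2): 2, (1, 3): 3,
    (2, 1): 2, (2, 2): 3, (2, 3): 4,
    (3, 1): 3, (3, 2): 4, (3, 3): 5,
}

def resolve_property(name, device_props, group_chain):
    """Nearest value wins: the device first, then each parent group from
    closest to root. Returns None when nothing in the chain sets it."""
    for props in [device_props, *group_chain]:
        if name in props:
            return props[name]
    return None

def build_fields(alert_level, device_props, group_chain):
    """Build the severity/urgency/impact payload fields for one alert."""
    sev = LM_LEVEL_TO_SEVERITY[alert_level.lower()]  # KeyError on unknown level
    fields = {"severity": str(sev), "urgency": str(sev)}
    impact = resolve_property("servicenow.impact", device_props, group_chain)
    if impact is not None:  # unset property is modelled here as an omitted field
        if str(impact) not in {"1", "2", "3"}:
            raise ValueError(f"servicenow.impact must be 1-3, got {impact!r}")
        fields["impact"] = str(impact)
    return fields

def expected_priority(fields):
    """Priority under the assumed matrix, or None when impact is not sent
    (the instance then applies its own default, which is not modelled)."""
    if "impact" not in fields:
        return None
    return PRIORITY_MATRIX[(int(fields["impact"]), int(fields["urgency"]))]

# Constructed sample hierarchy: root sets 2, a lab group lowers it to 3,
# one critical device raises it to 1.
ROOT = {"servicenow.impact": "2"}
LAB_GROUP = {"servicenow.impact": "3"}
CORE_DB = {"servicenow.impact": "1"}
```

Running `expected_priority(build_fields(level, device, chain))` across your groups shows where a single property override changes the resulting Priority, and a `None` result flags devices that inherit no impact value at all.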