Forum Discussion

Jason_Clemons's avatar
Jason_Clemons
Icon for Neophyte rankNeophyte
13 days ago

LM / ServiceNow Integration

I'm working on some API commands for ServiceNow from LogicMonitor and am trying to see if there's a way to see further information from the return payload from ServiceNow when a ticket is generated via the integration. 

In particular, I'm trying to capture the sys_id field from ServiceNow so that I can use this to access the ticket in an escalation step using a custom HTTPS API command. I can see the payload includes sys_id in the integration logs, and indeed LogicMonitor uses it to generate the link to the ticket on the alert screens. 

Does anyone know if there's a token or such that can be used to access this info, or if there would be a way of storing it for access?

2 Replies

  • Dave_Lee's avatar
    Dave_Lee
    Icon for Advisor rankAdvisor
    11 days ago

    LogicMonitor does store the Incident number and also seems to store a link to the Incident, which includes the sysid.  If you query the LogicMonitor API for the information about an alert, you will see something like the following in the alertExternalTicketUrl column

     "alertExternalTicketUrl": {
    "servicenowIncidentLinks": {
      "INC5132740": "https://XXXXX.service-now.com/now/nav/ui/classic/params/target/incident.do%3Fsys_id%3Db05f563a1b962a10438ced79b04bcb81"
    }
  },

    I don't think you would be able to access this from a token so you could pass it to a custom HTTP integration though.

    Depending on what system you are hitting with your custom HTTPS integration, maybe you could pass it the alert ID, then maybe get your external system to query the LM API for the details of the alert, then parse the sysId from the alertExternalTicketUrl column?

    Then again, if you can have the external system do that, you could instead just have it query Service Now to find the Incident based on the AlertId that will be stored against it.

    If it helps, here's some python code I've pulled out of a bigger project, I think it'll work standalone

    import requests
import json
import hashlib
import base64
import time
import hmac

instance = "xxxxx" # name of your ServiceNow instance
username = "xxxxx" # your ServiceNow username
password = "xxxxx" # your ServiceNow password
alertid = "xxxxxxxx" # LogicMonitor alert ID to search for

# Set up the API endpoint for incident search
uri = f"https://{instance}.service-now.com/api/now/table/incident"

# Set up authentication
auth_header = base64.b64encode(f"{username}:{password}".encode()).decode()
headers = {
    "Accept": "application/json",
    "Content-Type": "application/json",
    "Authorization": f"Basic {auth_header}"
}

# Query parameters - search for the specific LogicMonitor alert ID and exclude certain incident states
# 7 = Resolved, 6 = Closed, 14 = Pending Closure
query_params = {
    "sysparm_query": "x_lomo_lmint_logicmonitor_alert_id=" + alertid + "^incident_stateNOT IN14,6,7",  
    "sysparm_fields": "number,short_description,sys_id,state,priority,assigned_to,logicmonitor_alert_id",
    "sysparm_limit": "1"  # Limit to 1 result since we're looking for a specific record
}

try:
    # Make the GET request to ServiceNow
    response = requests.get(
        uri,
        headers=headers,
        params=query_params
    )
    
    # Check if the request was successful
    if response.status_code == 200:

        print(f"Response: {response.text}")
        result = response.json()
        
        if result['result']:
            logging.info("Incident found:")
            logging.info(json.dumps(result['result'][0], indent=2))
            return result['result'][0]
        else:
            print(f"No incident found with logicmonitor_alert_id={alertid}")
            return None
    else:
        logging.error(f"Error: {response.status_code} - {response.text}")
        return None
        
except Exception as e:
    logging.error(f"Exception occurred: {str(e)}")
    return None

     

    • Jason_Clemons's avatar
      Jason_Clemons
      Icon for Neophyte rankNeophyte
      7 days ago

      The idea here ultimately is to have LM trigger an escalation 1 hour after an alert/SNow Incident is created which will add an Incident Task to the Incident. I have the SNow API string developed out to do so but need the sys_id field to attach it to the correct Incident. So, the custom HTTP integration is to send that API call to the same ServiceNow instance.