Forum Discussion

venkat's avatar
venkat
Icon for Neophyte rankNeophyte
2 months ago

LM Servicenow Integration

We have integrated service now with LogicMonior and we see that the Auto resolution of Incidents is not happening even when the Alert is cleared in LogicMonitor.

We see that there is no clear even in logs of the integraion even after he alert is cleared which is causing the Incident in open state

  • David_Bond's avatar
    David_Bond
    2 months ago

    I think that there's still a bug whereby auto-deleted instances that WERE in alerting don't send an alert clear notification at the point of deletion.

    This is a real problem, for example with the following use case:

    1. Device has 5 disks
    2. LM Active Discovery find them and creates 5 instances
    3. Disk is removed (e.g. due to a planned change)
    4. Disk goes into alerting for (.e.g) 4 hours
    5. LM Active Discovery finds the disk missing and deletes the instance
    6. No alert clear is sent

    This bug means that you ABSOLUTELY CANNOT RELY on LM's Alert Clear alert notifications for anything.

  • Ajay's avatar
    Ajay
    Icon for LM Champion rankLM Champion
    2 months ago

    Hi Venkat,

    High chance the servicenow integration setup is not completed for the clear alert action. Please use this documentation in detail: https://www.logicmonitor.com/support/alerts/integrations/servicenow-integration

    Check the HTTP delivery section

    I recommend raising support cases for issues like this with full details and screenshots, so that specific guidance can be given for your particular portal case. 

    Hope that helps

    • venkat's avatar
      venkat
      Icon for Neophyte rankNeophyte
      2 months ago

      It is happening for few incidents and not all incidents.Few are getting cleared and few are not 

      • Mike_Moniz's avatar
        Mike_Moniz
        Icon for Professor rankProfessor
        2 months ago

        I think you should still work with support, but in the past there was a few situations where clear messages were not being sent out. I believe most of these have been fixed over time though. You may want to track how exactly the alerts are getting cleared to look for patterns. For example, if you "clear" an alert by deleting the device itself, perhaps that might not send a clear message. Or if the clear occurs during a SDT or by the instance being deleted. Might explain why sometimes it works and sometimes it doesn't. In the past I've never really relied on LM always sending a clear but it's gotten better at it.

        Also, I wouldn't suggest auto-closing tickets when an alert clears. That can lead to flapping alerts that noone looks at or situations like alerts that occur every night but clear by morning and it doesn't get looked at. I generally suggest to just add a Note to the ticket that the alert cleared, but still have someone look at the alert.

  • Andy_C's avatar
    Andy_C
    Icon for Neophyte rankNeophyte
    29 days ago

    I'm not aware of any system that sends a clear when an alerting object is deleted.  I'm sure there might be some, but since a clear is based on a state change that will never arrive....

    • David_Bond's avatar
      David_Bond
      Icon for Professor rankProfessor
      27 days ago

      In a containerized environment with hundreds, if not thousands of resources, this will mean that the ticketing system will be constantly filled with alerts.

      Source: we have Kubernetes and LogicMonitor.

  • venkat's avatar
    venkat
    Icon for Neophyte rankNeophyte
    2 months ago

    Also for the incidents nott getting auto resolved LM is no sending he clear alert...but he alert is getting closed

  • David_Bond's avatar
    David_Bond
    Icon for Professor rankProfessor
    2 months ago

    I think that there's still a bug whereby auto-deleted instances that WERE in alerting don't send an alert clear notification at the point of deletion.

    This is a real problem, for example with the following use case:

    1. Device has 5 disks
    2. LM Active Discovery find them and creates 5 instances
    3. Disk is removed (e.g. due to a planned change)
    4. Disk goes into alerting for (.e.g) 4 hours
    5. LM Active Discovery finds the disk missing and deletes the instance
    6. No alert clear is sent

    This bug means that you ABSOLUTELY CANNOT RELY on LM's Alert Clear alert notifications for anything.

  • Mike_Moniz's avatar
    Mike_Moniz
    Icon for Professor rankProfessor
    2 months ago

    Ticketing systems I'm used has actually queried LM API to check if an alert is still active before it allows an engineer to close the ticket. We don't want active alerts to be missed/ignored and you can't 100% rely on LM to send clear messages.