ManageEngine ServiceDesk Plus MSP Integration
I built an integration between LogicMonitor and ServiceDesk Plus, thought I would share it with you Building Integration between LogicMonitor and ManageEngine ServiceDesk Plus MSP Integration between LogicMonitor and ManageEngine ServiceDesk Plus MSP is not a pre-built integration, the following will instruct you on building this integration. This integration will be a basic integration and will do the following things 1. Create a new ticket when an alert is kicked off 2. When an alert is acknowledged a note will be placed in the ticket 3. Any Escalation or De-escalation of the alert will be noted in the ticket 4. When an alert is cleared it will resolve the ticket Prepping ServiceDesk Plus MSP First you want to create a requestor account in the account that you are placing the ticket in, you will be using this as who is submitting the ticket Next create a new technician account and give them the rights to handle tickets in the site you are placing the alert tickets. At the bottom of the technician creation screen there is a section called API key details, click the Generate link to create an API Key. Remember this key as you will need it later and you cannot see the key again. If you lose it you will need to Generate a new one and replace it where ever you used the old one. Creating the Integration The following will explain on how to set up a base integration and you can customize it to your liking 1. Login into LogicMonitor and on the left hand side click Settings then click on Integrations 2. Click Add at the top then Click on Custom HTTP Delivery 3. Type in a Name and select “Use different URLs or data formats to notify on various alert activity” 4. Next, we are going to setup each alert activity a. First the New Alerts i. Click the Plus Button to add a new Alert Status ii. Under HTTP Method select HTTP Post iii. For URL select either http or https and type (replace exampleurl.com with the url of your service desk) exampleurl.com/sdpapi/request iv. Under Alert Data select the RAW option v. For Format select Url-Encoded Form Data vi. For the actual alert data, you place the data you want to send to service desk, here is a starter: (replace 555 with the Technician key you created) format=XML&TECHNICIAN_KEY=555&INPUT_DATA= <operation> <details> <subject>##LEVEL## - ##HOST## ##INSTANCE##</subject> <description>Message ##MESSAGE##></description> <requester>Logic Monitor</requester> <category>Monitoring</category> <subcategory>Infrastructure</subcategory> <item>LogicMonitor</item> <technician>Administrator</technician> <mode>Automated</mode> <site>RES</site> <account>RES</account> </details> </operation> *You will need to also replace the Field values to what you need to send. Details on these can be found on ManageEngine’s API Page vii. Click Save b. Next we will add the Acknowledged Status, this will add a note to the ticket when the Alert is acknowledged in LogicMonitor i. Click the Plus Button to add a new Alert Status ii. Select Acknowledged iii. Under HTTP Method select HTTP Post iv. For URL select either http or https and type (replace exampleurl.com with the url of your service desk) exampleurl.com/sdpapi/request/##EXTERNALTICKETID##/notes v. Under Alert Data select the RAW option vi. For Format select Url-Encoded Form Data vii. For the actual alert data you place the data you want to send to service desk, here is a starter: (replace 555 with the Technician key you created) format=XML&TECHNICIAN_KEY=555&INPUT_DATA= <operation> <details> <notes> <note> <notestext>Alert Acknowledged</notestext> </note> </notes> </details> </operation> viii. Click Save c. Next will be the Escalated Status, this will place a note in the Ticket on the Escalation of the ticket i. Click the Plus Button to add a new Alert Status ii. Select Escalated iii. Under HTTP Method select HTTP Post iv. For URL select either http or https and type (replace exampleurl.com with the url of your service desk) exampleurl.com/sdpapi/request/##EXTERNALTICKETID##/notes v. Under Alert Data select the RAW option vi. For Format select Url-Encoded Form Data vii. For the actual alert data you place the data you want to send to service desk, here is a starter: (replace 555 with the Technician key you created) format=XML&TECHNICIAN_KEY=555&INPUT_DATA= <operation> <details> <notes> <note> <notestext>Alert Escalated/De-escalated:Host: ##HOST## Datasource: ##DATASOURCE## Datapoint: ##DATAPOINT## Level: ##LEVEL## Start: ##START## Duration: ##DURATION## Value: ##VALUE## Reason: ##DATAPOINT## ##THRESHOLD##</notestext> </note> </notes> </details> </operation> viii. Click Save d. Next we will tell ServiceDesk to resolve the ticket when the Alert is Cleared i. Click the Plus Button to add a new Alert Status ii. Select Cleared iii. Under HTTP Method select HTTP Post iv. For URL select either http or https and type (replace exampleurl.com with the url of your service desk) exampleurl.com/sdpapi/request/##EXTERNALTICKETID## v. Under Alert Data select the RAW option vi. For Format select Url-Encoded Form Data vii. For the actual alert replace the data you want to send to service desk, here is a starter: (replace 555 with the Technician key you created) format=XML&TECHNICIAN_KEY=555&INPUT_DATA= <operation> <details> <resolution>test</resolution> <status>resolved</status> </details> </operation> viii. Click Save 5. Click the Check box for “Include an ID provided in HTTP response when updating alert status” 6. For HTTP Response Format Choose XML 7. For the Xpath use: /operation[@name="ADD_REQUEST"]/details/workorderid/text()70Views0likes4CommentsBasic Zendesk Integration
The following guide is an example of a custom http integration using the Zendesk API along with some of LogicMonitor's token values. To start off I would recommend reviewing the following resources. LogicMonitor Custom HTTP Delivery Documentation: https://www.logicmonitor.com/support/settings/integrations/custom-http-delivery/ LogicMonitor Tokens: NOTE:(In this guide I create a token ##zendesk.authorid## using a custom property on the device. This allows me to pass this value through the integration. This can be very useful if you need to use the same integration to create tickets as multiple organizations or users. I've included a screenshot below detailing where this is set on the device.) https://www.logicmonitor.com/support/settings/logicmodules/tokens-available-in-datasource-alert-messages/ Zendesk API Documentation: https://developer.zendesk.com/rest_api/docs/core/introduction Complete these steps in Zendesk prior to creating your integration: Create a Zendesk User to be used for authentication. https://support.zendesk.com/hc/en-us/articles/203661986-Adding-agents-and-administrators In the below payloads I use the Zendesk author_id as a token to create, update and close tickets. You can find the author_id for a Zendesk user by checking the following. Configure your Zendesk API key for authentication. https://support.zendesk.com/hc/en-us/articles/226022787-Generating-a-new-API-token- Complete these steps in LogicMonitor to create theIntegration: Add a new Custom HTTP Delivery under Integrations using the following payloads as a starting point. Determine if you would like to use a wildcard for things such as your Zendesk author_id or organization_id etc. Payload Examples: The following examples willCreate, Update and Close ZenDesk tickets with LogicMonitorAlerts. NOTE:When authenticating with the Zendesk api, you will only need to enter your api key in the password field and your username with /token at the end. Active: { "ticket": { "subject": "##LEVEL## - ##HOST## ##INSTANCE##", "type": "incident", "comment": { "body": "Host: ##HOST##\nDatasource: ##DATASOURCE##\nDatapoint: ##DATAPOINT##\nLevel: ##LEVEL##\n Start: ##START##\nDuration: ##DURATION##\nValue: ##VALUE##\nReason: ##DATAPOINT## ##THRESHOLD##"}, "priority": "normal" } } Escalated: { "ticket": { "subject": "##LEVEL## - ##HOST## ##INSTANCE##", "type": "incident", "comment": { "body": "Alert Escalated/De-escalated:\nHost: ##HOST##\nDatasource: ##DATASOURCE##\nDatapoint: ##DATAPOINT##\nLevel: ##LEVEL##\n Start: ##START##\nDuration: ##DURATION##\nValue: ##VALUE##\nReason: ##DATAPOINT## ##THRESHOLD##"}, "priority": "normal" } } Acknowledged: {"ticket": {"status": "open", "comment": { "body": "##MESSAGE##", "author_id": ##zendesk.authorid## }}} Cleared: { "ticket": { "subject": "##LEVEL## - ##HOST## ##INSTANCE##", "type": "incident", "comment": { "body": "Alert Cleared:\nHost: ##HOST##\nDatasource: ##DATASOURCE##\nDatapoint: ##DATAPOINT##\nLevel: ##LEVEL##\n Start: ##START##\nDuration: ##DURATION##\nValue: ##VALUE##\nReason: ##DATAPOINT## ##THRESHOLD##"}, "status": "solved","priority": "normal" } } Here we can see the finished product, a ticket generated and cleared using the above payloads.25Views1like1CommentAutotask and LogicMonitor Integration - Ticket Closure Issue
Hi! I haven't been able to find any specific documentation of trouble associated with this issue so I thought I'd reach out to the community! My team has LogicMonitor integrated with Autotask that we use to open/close tickets, however, it appears that only certain tickets get closed when LogicMonitor alerts disappear. Everything in the integration itself is setup properly to permit closure of these tickets, (Cleared is set to Complete) but often it doesn't occur and we have to clear the alerts from autotask manually which, as you can imagine, can be a time intensive task. Any troubleshooting steps or settings in either LogicMonitor or Autotask that I should look into to fix this issue? Thank you all for any help you guys can provide!17Views0likes5CommentsNeed Token for Device ID to be able to pass to Alerts
All, Although LogicMonitor provides a key identifier in the Device Resource called "id"https://www.logicmonitor.com/support/rest-api-developers-guide/devices/about-the-device-resource/, it doesn't provide a mechanism to actually reference that key identifier via a token.https://www.logicmonitor.com/support/settings/logicmodules/tokens-available-in-datasource-alert-messages/ Can you please either create a token for the device id's or expose the device id as a system property of the device?8Views0likes1CommentFetching A Specific Dashboard URL
Hello all, I am currently researching the possibility of running an integration between ServiceNow, an application my company utilizes, and LogicMonitor. I have a request from an end user to open a specific dashboard(this dashboard is different depending on certain conditions, but it is the same typeof dashboard) when a link is clicked on the ServiceNow side. After looking at the REST API for LogicMonitor, specifically the API for getting information about a dashboard,I haven't found anything that points to the ability to grab the dashboard URL. I am able to craft a hyperlink such that it opens to ALL the dashboards for my company, but since the dashboards don't seem to follow a set pattern in their URL end-tags, I haven't been able to find a way to make the link dynamically specific to the dashboard that the end user wants. For reference, the desired dashboard URL will resolvetohttps://companyname.logicmonitor.com/santaba/uiv3/dashboard/#dashboard=XXXXX, I need to know how to get either the entire URL or the dashboard number at the end (which is DYNAMIC), if possible. Any input you may be able to offer is appreciated. Thank you for your time!7Views0likes1CommentCustom button/link on an alarm or custom menu on a device
Custom button on an alarm or custom menu on a device Is it possible to add a custom button onto an alarm to run an action? e.g. where "Explore Maps", "Add Note", "Put in SDT", "Escalate", "Acknowledge" are located. Is it possible to add an item to the device view? e.g. when go to the device and view Host Status, there is an Acknowledge button. Could we add another button here? or could we add another item to the drop down menu? e.g. where "Manage Device", "Add monitored Instance", etc, are displayed. The action for both would be a custom http delivery integration.6Views0likes1CommentHow to get further details from getAlert?
Hi I want to extract my information according to this interface example_notification_data = { 'host': "10.10.10.86", 'host_name': "Debian-App", 'incident_created': "2016-10-10T02:27:47+07:00", 'component_type': "server", 'component_status': 0, } host is an local IP address host_name is string hostname incident_created is timestamp with timezone format is ISO8601 component_type is "server" or "vm" base on the component type. It is OK to hardcode by "server" because NOC has to investigate in detail component_status is always 0. Because my customer would like to see the critical case and first developer from that endpoint refuses me to change his format. He claims "I had 3 times changed which is enough". Therefore I have to leave this key in json payload for historical purpose. Here is my Python script and import json import pprint from urllib import parse, request from config import (USER, PASSWORD, COMPANY) def rpc(action, params): """ Make a call to the LogicMonitor RPC library and return the response Reference: https://www.logicmonitor.com/support/rpc-api-developers-guide/overview/using-logicmonitors-rpc-api/ """ print("Calling action: {action}".format(action=action)) print("Parameters: {params}".format(params=params)) param_str = parse.urlencode(params) creds = parse.urlencode({"c": COMPANY, "u": USER, "p": PASSWORD}) if param_str: param_str = param_str + "&" param_str = param_str + creds try: url = "https://{0}.logicmonitor.com/santaba/rpc/{1}?{2}" f = request.urlopen(url.format(COMPANY, action, param_str)) return f.read() except IOError as ioe: print(ioe) def main(): pp = pprint.PrettyPrinter(indent=4) response = rpc("getAlerts", {"level": "critical"}) tmp_text = response.decode("utf-8") instance = json.loads(tmp_text) msg = instance.get('data').get('alerts') pp.pprint(msg) if __name__ == "__main__": main() Here is my response [ { '_id_': 'LMD8983', 'ackComment': 'OK', 'acked': True, 'ackedBy': 'wisut.j@cloudhm.co.th', 'ackedOn': 1475652110, 'ackedOnLocal': '2016-10-05 14:21:50 ICT', 'active': True, 'alertEscalationChainName': 'default', 'alertRecipients': '', 'alertRuleId': 3, 'alertRuleName': 'Critical', 'clearValue': '', 'dataPoint': 'idleInterval', 'dataSource': 'HostStatus', 'dataSourceDisplayName': 'Host Status', 'dataSourceId': 128, 'dataSourceInstance': 'HostStatus', 'dataSourceInstanceDescription': '', 'dataSourceInstanceId': 4911958, 'dataSourceType': 'DS', 'displayName': 'Host Status', 'duration': '52h 31m', 'endOn': 0, 'endOnLocal': '', 'escalationChainId': 1, 'escalationSubChainId': 0, 'host': 'VC-TCCT', 'hostDataSourceId': 393, 'hostGroups': [ { 'alertEnable': True, 'appliesTo': '', 'createdOn': 0, 'description': 'root folder', 'fullPath': '', 'groupType': 0, 'id': 1, 'name': 'cloudhm', 'parentId': 0}], 'hostId': 8, 'id': 74, 'inSDT': True, 'level': 'critical', 'nextRecipient': 0, 'sdt': [ { 'admin': 'wisut.j@cloudhm.co.th', 'category': {'name': 'HostSDT'}, 'comment': '', 'duration': 0, 'endDateTime': { 'day': 31, 'hour': 12, 'minute': 30, 'month': 10, 'weekDay': 2, 'year': 2016}, 'endHour': 0, 'endMinute': 0, 'hostId': 8, 'hour': 0, 'id': 1, 'isEffective': True, 'minute': 0, 'monthDay': 0, 'sdtType': 1, 'startDateTime': { 'day': 5, 'hour': 13, 'minute': 43, 'month': 10, 'weekDay': 4, 'year': 2016}, 'type': 'onetime', 'weekDay': 1}], 'startOn': 1475644129, 'startOnLocal': '2016-10-05 12:08:49 ICT', 'thresholds': '> 300 300 300', 'type': 'alert', 'uniqueId': 'LMD74', 'value': '189439.44'}, { '_id_': 'LMD8979', 'ackComment': 'OK', 'acked': True, 'ackedBy': 'wisut.j@cloudhm.co.th', 'ackedOn': 1475652110, 'ackedOnLocal': '2016-10-05 14:21:50 ICT', 'active': True, 'alertEscalationChainName': 'default', 'alertRecipients': '', 'alertRuleId': 3, 'alertRuleName': 'Critical', 'clearValue': '', 'dataPoint': 'PingLossPercent', 'dataSource': 'Ping', 'dataSourceDisplayName': 'Ping', 'dataSourceId': 31, 'dataSourceInstance': 'Ping', 'dataSourceInstanceDescription': '', 'dataSourceInstanceId': 4911957, 'dataSourceType': 'DS', 'displayName': 'Ping', 'duration': '52h 36m', 'endOn': 0, 'endOnLocal': '', 'escalationChainId': 1, 'escalationSubChainId': 0, 'host': 'VC-TCCT', 'hostDataSourceId': 388, 'hostGroups': [ { 'alertEnable': True, 'appliesTo': '', 'createdOn': 0, 'description': 'root folder', 'fullPath': '', 'groupType': 0, 'id': 1, 'name': 'cloudhm', 'parentId': 0}], 'hostId': 8, 'id': 69, 'inSDT': True, 'level': 'critical', 'nextRecipient': 0, 'sdt': [ { 'admin': 'wisut.j@cloudhm.co.th', 'category': {'name': 'HostSDT'}, 'comment': '', 'duration': 0, 'endDateTime': { 'day': 31, 'hour': 12, 'minute': 30, 'month': 10, 'weekDay': 2, 'year': 2016}, 'endHour': 0, 'endMinute': 0, 'hostId': 8, 'hour': 0, 'id': 1, 'isEffective': True, 'minute': 0, 'monthDay': 0, 'sdtType': 1, 'startDateTime': { 'day': 5, 'hour': 13, 'minute': 43, 'month': 10, 'weekDay': 4, 'year': 2016}, 'type': 'onetime', 'weekDay': 1}], 'startOn': 1475643859, 'startOnLocal': '2016-10-05 12:04:19 ICT', 'thresholds': '> 20 70 90', 'type': 'alert', 'uniqueId': 'LMD69', 'value': '100.00'}] Question: How to get the value of host, host_name, incident_created, component_type, component_status. Since I have not found any relation between result and the details? I have read https://www.logicmonitor.com/support/rpc-api-developers-guide/manage-devices/get-devices/ But I do not know how to link it each other FYI: 1. I can not put 'host' to my 'host_name' because it is the same and endpoint API will confuse Best regards SaritSolved6Views0likes2Comments
Google Stackdriver integration
We are developing and deploying our next generation business services on the Google Cloud Platform (GCP). Our GCP services log events which are picked up by Google Stackdriver. Stackdriver has the usual ways of forwarding events (SMS, email, etc), and a webhooks options, whereby the event can be posted to a web endpoint as a JSON payload. Please can you add a LogicMonitor webhook endpoint. This would be useful for other use cases too where applications and services need to send events as a HTTP post.5Views0likes5Comments
Include Graphs in alert messages
Hey All, Couldn't find a way to do this using the alert tokens available so I figured I would post it here. I noticed some cool features from other monitoring tools that allow graphs to be sent in the alert body to PagerDuty. So when I receive a PagerDuty page from LM it would be nice to see the associated graph with the data point that is alerting. While just the alert text is good enough for most scenarios I think seeing how big of a jump/spike the data point made before alerting would be useful. The alert "C drive is 90% full" is all fine and good but when you see a graph showing it go from 12% to that 90% in just a minute or two then you know something is really up and might need more expediency as it will probably continue to fill up at that rate.3Views1like2CommentsServiceNow integration with slack
Hi Folks, I am a new to ServiceNow recently completed ServiceNow Certification. I got some trouble, Ineed to integrate servicenow with slack which helps to send high and critical P1 alerts to a slack channel. I am looking for possibilities that can be done to get the serviceNow integrated with slack. Any ideas / suggestions? Thanks in Advance0Views0likes2Comments
