Create a ServiceNow incident

This alert management action is only available if the integration with ServiceNow® is enabled.

For information about configuring ServiceNow integration, see Configure an Orion Platform product with ServiceNow.

To use this action, make sure the integration with ServiceNow is enabled on the Alert Summary page. If the Integrate alert with other SolarWinds box is not selected, the incident is created but the integration is not two-sided, so you cannot reset or clear the incidents in ServiceNow®.

Use reference fields

When you configure ServiceNow incidents, you can use reference fields to refer to different database tables in ServiceNow.

The reference value you provide in the Orion Web Console is used in ServiceNow to locate a referenced record. This enables you to use advanced ServiceNow filter expressions.

The reference field's value is usually the Sys ID of the referenced record, and the application by default tries to locate the referenced record by Sys ID.

You can also specify which fields should be used for specific referenced tables when trying to locate a referenced record. Some definitions are defined by default. For example, setting a field user_name for the sys_user table allows you to use the user name in reference fields such as Caller or Assigned to.

Some default fields are not mapped automatically when you install versions 1.0.2 or 1.0.5 of the SolarWinds Alert Integration application and must be mapped manually. Upgrades from version 1.0.1 and earlier are not affected. This issue is resolved in SolarWinds Alert Integration 1.0.10.

You can specify your own reference fields in the SolarWinds Alert Integration application, under Configuration > Incident Reference Fields Definitions, and you can control the order of different fields on the same table by setting different priorities.

Filter expression examples

Reference fields can also be used as filter expressions. The following examples show the configuration of reference fields.

| Reference field | Value | Purpose |
|---|---|---|
| Assignment group | name=Hardware | Assigns the incident to the group called Hardware. |
| Location | state=TX^city=Austin^streetLIKESouthwest Parkway | Sets the location to Southwest Parkway, Austin, TX. |
| Configuration item | mac_address=${N=SwisEntity;M=MAC} | Locates the configuration item based on the MAC address of the interface, by using a macro. |

For more information, see the ServiceNow Wiki about reference fields.
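
The following added example (not SolarWinds or ServiceNow code) models how a reference field value selects a record: a Sys ID first, then a filter expression like those in the table, then the fields defined for the table in priority order. The function names, the sample records and definitions, and the rule that a lower priority number is tried first are assumptions, and only four filter operators are modelled.

```python
import re

SYS_ID = re.compile(r"[0-9a-f]{32}")
# field name, then an operator; only four encoded-query operators are modelled
COND = re.compile(r"([a-z][a-z0-9_.]*)(!=|=|LIKE|STARTSWITH)(.*)")
OPS = {
    "=": lambda have, want: have == want,
    "!=": lambda have, want: have != want,
    "LIKE": lambda have, want: want in have,
    "STARTSWITH": lambda have, want: have.startswith(want),
}

def parse_filter(expr):
    """Split on '^' (logical AND) into (field, operator, value) conditions."""
    conds = []
    for term in expr.split("^"):
        m = COND.fullmatch(term)
        if m is None:
            raise ValueError(f"unsupported condition: {term!r}")
        conds.append(m.groups())
    return conds

def locate(table, value, records, definitions):
    """Return the records of `table` that a reference field value selects."""
    rows = records[table]
    if SYS_ID.fullmatch(value):                      # default: value is a Sys ID
        return [r for r in rows if r["sys_id"] == value]
    if COND.fullmatch(value.split("^")[0]):          # value is a filter expression
        conds = parse_filter(value)
        return [r for r in rows
                if all(OPS[op](str(r.get(f, "")), v) for f, op, v in conds)]
    # Plain value: try the fields defined for this table, in priority order.
    # Assumption: a lower priority number is tried first.
    for _prio, field in sorted(definitions.get(table, [])):
        hits = [r for r in rows if r.get(field) == value]
        if hits:
            return hits
    return []

# Constructed sample records and reference field definitions
RECORDS = {
    "sys_user_group": [{"sys_id": "a" * 32, "name": "Hardware"},
                       {"sys_id": "b" * 32, "name": "Network"}],
    "cmn_location": [
        {"sys_id": "c" * 32, "state": "TX", "city": "Austin", "street": "7171 Southwest Parkway"},
        {"sys_id": "d" * 32, "state": "TX", "city": "Austin", "street": "100 Congress Ave"}],
    "sys_user": [{"sys_id": "e" * 32, "user_name": "jdoe", "email": "jdoe@example.com"}],
}
DEFINITIONS = {"sys_user": [(10, "user_name"), (20, "email")]}
```

A filter that returns more than one record, or none, is worth catching with the Simulate button before the alert is enabled.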

Configure a ServiceNow incident

  1. When editing or adding an alert, click Add Action in the Trigger or Reset Action section of the Alert Wizard.

  2. Select Create ServiceNow Incident, and click Configure Action.
  3. Under Select ServiceNow Instance, specify the ServiceNow instance where you want to create the incident.
  4. Under Incident Detail, define the properties of an incident template that will be used for new incidents. For example, here you can define the urgency, impact, and other properties of incidents. Text areas can hold macro variables to add information about alerts and alert objects.

    If the property you want is not displayed in the Incident Detail section, click Select Properties at the bottom of the section, and select the property from the list. Then you will be able to use the properties as reference fields.

  5. Under State Management, define the status of the incident when the incident is reset, reopened, acknowledged, and closed. You can also specify notes to be added to the incident.
  6. Schedule the action by selecting Time of Day > Use special Time of Day schedule for this action. This schedule only applies to the alert action you are editing.

    This is often used to prevent an action from occurring during specific windows.

  7. Select how frequently this action occurs for each triggered alert in Execution Settings.

  8. Click Add Action.

The action is added to the trigger or reset action list, and you can test the action using the Simulate button. When the trigger or reset conditions of the alert are met, an incident will be created or updated in the specified ServiceNow instance.

When you use this alert action, we recommend that you only use it on the trigger tab. It is also recommended that you only use one ServiceNow action per alert.

To deactivate the integrated behavior, remove the alert action from the alert definition.

You can specify one alert action for one ServiceNow instance. To create an incident in another ServiceNow instance, specify another alert action and use a different ServiceNow instance.