====== ServiceNow Incidents ======

===== Purpose =====
  * Creates, updates and resolves incidents in ServiceNow based on alarms.
  * When an alarm is raised, an incident is created. When the alarm clears, the incident can be automatically resolved.
  * Deduplication is built-in: repeated alarms update the existing incident instead of creating duplicates.
  * If alarm rules are active, only matching alarms are forwarded.

==== Properties ====

^ Parameter ^ Description ^
| Active | Enable or disable the plugin |
| Title | Plugin display name |
| Table Type | Target table: ''INCIDENT'' (default), ''CSM_CASE'' (sn_customerservice_case), or ''CUSTOM'' |
| Custom API Path | API path when using CUSTOM table type  |
| Host | ServiceNow instance URL (''<nowiki>https://[INSTANCE].service-now.com</nowiki>'') |
| User / Password | ServiceNow API credentials |
| Assignment Group | Default assignment group for created incidents (optional) |
| CMDB Auto-Discovery | Automatically pushes SAP systems to the CMDB and links incidents to the correct CI |
| Auto-close | Resolves the incident automatically when the alarm clears |
| Closed States | State codes considered as closed (default: ''6,7'') |
| Chunk size | Max alarms processed per cycle (default: ''50'') |

==== Dynamic Properties ====
  * JSON object where each key/value is added to the incident payload.
  * Values support placeholders that are replaced at runtime.
  * Use the **Payload Variable Helper** button in the editor to browse available variables.

<code javascript>
{"account": "%ORGANIZATION.NAME%", "contact_type": "Alert"}
</code>

=== Available variables ===

^ Category ^ Variables ^
| Alarm | ''%ALARM%'', ''%ALARM_TAGS%'', ''%ALARM_TAGS.[PROPERTY]%'', ''%URI%'', ''%MODULE%'', ''%HOST%'', ''%ID%'', ''%ALARM_ID%'', ''%SEVERITY%'', ''%SEVERITY_ID%'', ''%MESSAGE%'', ''%TO_CLEAR%'', ''%RAISE_TIME%'', ''%RAISE_TIME_UNIX%'', ''%RECEIVE_TIME%'', ''%RECEIVE_TIME_UNIX%'', ''%JOB_NAME%'', ''%METRIC_NAME%'', ''%CON_ID%'', ''%JOB_ID%'' |
| Organization | ''%ORGANIZATION%'', ''%ORGANIZATION.ID%'', ''%ORGANIZATION.NAME%'', ''%ORGANIZATION.SHORT_NAME%'', ''%ORGANIZATION.PROPERTIES.[PROPERTY]%'' |
| Group | ''%GROUP%'', ''%GROUP.ID%'', ''%GROUP.NAME%'', ''%GROUP.SHORT_NAME%'', ''%GROUP.PROPERTIES.[PROPERTY]%'' |
| System | ''%SYSTEM%'', ''%SYSTEM.ID%'', ''%SYSTEM.NAME%'', ''%SYSTEM.SHORT_NAME%'', ''%SYSTEM.SID%'', ''%SYSTEM.ROLE%'', ''%SYSTEM.ENV%'', ''%SYSTEM.PROPERTIES.[PROPERTY]%'' |
| Connector | ''%CONNECTOR%'', ''%CONNECTOR.ID%'', ''%CONNECTOR.NAME%'', ''%CONNECTOR.PROPERTIES.[PROPERTY]%'' |

===== Severity Mapping =====

^ RedPeaks ^ Urgency ^ Impact ^ ServiceNow Priority ^
| CRITICAL | 1 (High) | 1 (High) | P1 |
| MAJOR | 1 (High) | 2 (Medium) | P2 |
| MINOR | 2 (Medium) | 2 (Medium) | P3 |
| WARNING | 2 (Medium) | 3 (Low) | P4 |
| INFO | 3 (Low) | 3 (Low) | P5 |

===== Incident Lifecycle =====
  * **Alarm raised** → Search for open incident by correlation ID → if none found → **create** new incident
  * **Alarm raised again** → Existing open incident found → **update** with work note
  * **Alarm clears** (auto-close enabled) → **resolve** the incident
  * **Alarm re-raised within 12h** of closure → **reopen** the existing incident instead of creating a new one

===== CMDB CI Auto-Discovery =====
  * When enabled, SAP system metadata is pushed to the CMDB via ''/api/now/identifyreconcile''.
  * Three CI types are created:
    * ''cmdb_ci_service_manual'' — Business services (one per organization)
    * ''cmdb_ci_appl_sap_system'' — SAP systems (one per SID)
    * ''cmdb_ci_hardware'' — Hosts (one per server)
  * Created incidents are automatically linked to the matching SAP system CI