products:cockpit:1.0:userguide:settings:servicenowincidents
Table of Contents
ServiceNow Incidents
Purpose
- Creates, updates and resolves incidents in ServiceNow based on alarms.
- When an alarm is raised, an incident is created. When the alarm clears, the incident can be automatically resolved.
- Deduplication is built-in: repeated alarms update the existing incident instead of creating duplicates.
- If alarm rules are active, only matching alarms are forwarded.
Properties
| Parameter | Description |
|---|---|
| Active | Enable or disable the plugin |
| Title | Plugin display name |
| Table Type | Target table: INCIDENT (default), CSM_CASE (sn_customerservice_case), or CUSTOM |
| Custom API Path | API path when using CUSTOM table type |
| Host | ServiceNow instance URL (https://[INSTANCE].service-now.com) |
| User / Password | ServiceNow API credentials |
| Assignment Group | Default assignment group for created incidents (optional) |
| CMDB Auto-Discovery | Automatically pushes SAP systems to the CMDB and links incidents to the correct CI |
| Auto-close | Resolves the incident automatically when the alarm clears |
| Closed States | State codes considered as closed (default: 6,7) |
| Chunk size | Max alarms processed per cycle (default: 50) |
Dynamic Properties
- JSON object where each key/value is added to the incident payload.
- Values support placeholders that are replaced at runtime.
- Use the Payload Variable Helper button in the editor to browse available variables.
{"account": "%ORGANIZATION.NAME%", "contact_type": "Alert"}
Available variables
| Category | Variables |
|---|---|
| Alarm | %ALARM%, %ALARM_TAGS%, %ALARM_TAGS.[PROPERTY]%, %URI%, %MODULE%, %HOST%, %ID%, %ALARM_ID%, %SEVERITY%, %SEVERITY_ID%, %MESSAGE%, %TO_CLEAR%, %RAISE_TIME%, %RAISE_TIME_UNIX%, %RECEIVE_TIME%, %RECEIVE_TIME_UNIX%, %JOB_NAME%, %METRIC_NAME%, %CON_ID%, %JOB_ID% |
| Organization | %ORGANIZATION%, %ORGANIZATION.ID%, %ORGANIZATION.NAME%, %ORGANIZATION.SHORT_NAME%, %ORGANIZATION.PROPERTIES.[PROPERTY]% |
| Group | %GROUP%, %GROUP.ID%, %GROUP.NAME%, %GROUP.SHORT_NAME%, %GROUP.PROPERTIES.[PROPERTY]% |
| System | %SYSTEM%, %SYSTEM.ID%, %SYSTEM.NAME%, %SYSTEM.SHORT_NAME%, %SYSTEM.SID%, %SYSTEM.ROLE%, %SYSTEM.ENV%, %SYSTEM.PROPERTIES.[PROPERTY]% |
| Connector | %CONNECTOR%, %CONNECTOR.ID%, %CONNECTOR.NAME%, %CONNECTOR.PROPERTIES.[PROPERTY]% |
Severity Mapping
| RedPeaks | Urgency | Impact | ServiceNow Priority |
|---|---|---|---|
| CRITICAL | 1 (High) | 1 (High) | P1 |
| MAJOR | 1 (High) | 2 (Medium) | P2 |
| MINOR | 2 (Medium) | 2 (Medium) | P3 |
| WARNING | 2 (Medium) | 3 (Low) | P4 |
| INFO | 3 (Low) | 3 (Low) | P5 |
Incident Lifecycle
- Alarm raised → Search for open incident by correlation ID → if none found → create new incident
- Alarm raised again → Existing open incident found → update with work note
- Alarm clears (auto-close enabled) → resolve the incident
- Alarm re-raised within 12h of closure → reopen the existing incident instead of creating a new one
CMDB CI Auto-Discovery
- When enabled, SAP system metadata is pushed to the CMDB via
/api/now/identifyreconcile. - Three CI types are created:
cmdb_ci_service_manual— Business services (one per organization)cmdb_ci_appl_sap_system— SAP systems (one per SID)cmdb_ci_hardware— Hosts (one per server)
- Created incidents are automatically linked to the matching SAP system CI
products/cockpit/1.0/userguide/settings/servicenowincidents.txt · Last modified: by jtbeduchaud