Creating an incident in ServiceNow

This documentation references external sources.

Nexthink does not control the accuracy of third-party documentation or external updates that can result in inconsistencies.

Report any errors or inconsistencies to Nexthink Support.

This document demonstrates how to configure Nexthink Webhook to detect alerts and events and transmit them to ServiceNow to create an incident.

In ServiceNow

Verify that the proper roles of the user are in place in order to define credentials in Nexthink.

  1. Go into User Administration and select Users.

  2. Verify that the user has been assigned the following roles:

    • rest_api_explorer

    • itil

  3. Once the user has been set up in ServiceNow, enter System Web Services > REST and select Rest API Explorer.

  4. Verify that you have selected the following values:

    • Namespace = now

    • API Name = Table API

    • API Version = latest

  5. Click on the option Create a record (POST)

  6. In the Prepare request section, for tableName select Incident from the drop-down list:

  1. Copy and save the Create Record information for future reference. That is, for the connector credential and webhook configuration in the Nexthink web interface.

  1. Go to the Request Body section and select the Builder tab located at the bottom of the page.

  1. Add a field to build the Request Body and save it for future reference. That is, for the webhook configuration in the Nexthink web interface.

    • For instance, to create an incident with the fields caller, impact, urgency, business service, configuration item, short description and description; use the drop-down menu to select the proper fields from ServiceNow and then input text to assign values to them.

    • Optionally, add more fields to the request in ServiceNow by using the plus button to create as many new rows as necessary.

Below is an example of a Request Body in ServiceNow:

{
 "short_description":"This is an issue create by a Nexthink Alert",
 "description":"Nexthink Alert {{alert.monitor.name}} has been triggered",
 "impact":"2",
 "urgency":"2",
 "cmdb_ci":"{{device.device.name}}",
 "caller_id":"Nexthink Integration"
 }

Refer to the Configuring webhook fields: Method, Resource, and Payload to learn more about allowed placeholders for payloads.

In Nexthink

From the Nexthink web interface:

Configuring a connector credential for the ServiceNow incident creation

From the connector credential configuration page, fill out the fields using the information from the connection you created in Zoom.

  1. Choose the HTTPS option from the Protocol drop-down.

  2. Paste the Create Record URL https://venXXXXX.service-now.com/ from ServiceNow into the URL address field.

  3. Choose the Basic option from the Authorization drop-down.

  4. Enter a Username and Password to connect to the third-party tool.

  5. Save the credential.

Configuring a webhook for ServiceNow incident creation

From the webhook configuration page, fill out the fields using the information from the ServiceNow REST API Explorer setup.

  1. Fill in the NQL Condition following the Configuring webhook NQL conditions documentation. See the query below.

alert.alerts
| list alert.monitor.name, alert.status, monitor.tags, alert.context, trigger_time, recovery_time, alert.monitor.thresholds, monitor.priority, alert.trigger_values, alert.trigger_reference_value, alert.recovery_values, alert.context, device_view_link, issue_view_link, device.name
  1. Choose the connector credential you created for Zoom from the Credentials drop-down.

  2. Select the POST from the Method drop-down.

  3. Copy and paste into the Resource field, the Create Record URL from ServiceNow without the URL address. For example: api/now/table/incident

    • Remember to replace the {tableName} with the selected Query parameters for the tableName in ServiceNow. In this case, incident.

  4. Paste the Payload field with the Request Body created in ServiceNow. No formatting is needed. See example below:

{
  "short_description":"This is an issue created by a Nexthink Alert",
  "description":"Nexthink Alert {{alert.monitor.name}} has been triggered",
  "impact":"2",
  "urgency":"2",
  "cmdb_ci":"{{device.device.name}}",
  "caller_id":"Nexthink Integration"
}

Refer to the Configuring webhook fields: Method, Resource, and Payload to learn more about allowed placeholders for payloads.

Last updated

#451: 2024.8-Overview of integration DOC

Change request updated