# Creating an incident in ServiceNow

{% hint style="warning" %}
This documentation references external sources. 

Nexthink does not control the accuracy of third-party documentation or external updates that can result in inconsistencies.

Report any errors or inconsistencies to [Nexthink Support](https://support.nexthink.com/).
{% endhint %}

This document demonstrates how to configure Nexthink Webhook to detect alerts and events and transmit them to ServiceNow to create an incident.

## In ServiceNow <a href="#creatinganincidentinservicenow-inservicenow" id="creatinganincidentinservicenow-inservicenow"></a>

Verify that the proper roles of the user are in place in order to define credentials in Nexthink.

1. Go into **User Administration** and select **Users**.
2. Verify that the user has been assigned the following roles:
   * `rest_api_explorer`
   * `itil`
3. Once the user has been set up in ServiceNow, enter **System Web Services** > **REST** and select **Rest API Explorer**.
4. Verify that you have selected the following values:
   * Namespace = now
   * API Name = Table API
   * API Version = latest
5. Click on the option **Create a record (POST)**
6. In the **Prepare request** section, for **tableName** select **Incident** from the drop-down list:

<div align="left"><figure><img src="/files/HnNYOE5s3IO6PuuCfNgB" alt="Prepare request"><figcaption></figcaption></figure></div>

7. Copy and save the **Create Record** information for future reference. That is, for the [connector credential](#configuring-a-connector-credential-for-the-servicenow-incident-creation) and [webhook configuration](#configuring-a-webhook-for-servicenow-incident-creation) in the Nexthink web interface.

<figure><img src="/files/8RAW5JFhFPJYaEI5s8NH" alt=""><figcaption></figcaption></figure>

8. Go to the **Request Body** section and select the **Builder** tab located at the bottom of the page.

<figure><img src="/files/1G92AVGHoXSUixprnBWP" alt="Builder tab"><figcaption></figcaption></figure>

9. **Add a field** to build the **Request Body** and save it for future reference. That is, for the webhook configuration in the Nexthink web interface.
   * For instance, to create an incident with the fields `caller`*,* `impact`*,* `urgency`*,* `business service`*,* `configuration item`*,* `short description` and `description`*;* use the drop-down menu to select the proper fields from ServiceNow and then input text to assign values to them.
   * Optionally, add more fields to the request in ServiceNow by using the plus button to create as many new rows as necessary.

<figure><img src="/files/QXNSxmF3ItYLAsqTAgCf" alt="Assign values to fields"><figcaption></figcaption></figure>

Below is an example of a **Request Body** in ServiceNow:

```
{
 "short_description":"This is an issue create by a Nexthink Alert",
 "description":"Nexthink Alert {{alert.monitor.name}} has been triggered",
 "impact":"2",
 "urgency":"2",
 "cmdb_ci":"{{device.device.name}}",
 "caller_id":"Nexthink Integration"
 }
```

{% hint style="info" %}
Refer to the [Configuring webhook fields: Method, Resource, and Payload](/platform/~/changes/Sh4xqs4GDClkDKT9Hvux/integrations/outbound-connectors/webhooks/managing-webhooks/configuring-webhook-fields_-method-resource-and-payload.md#configuringwebhookfields-method-resource-andpayload-usingdatamodelvariablesasplaceholdersinthepayloa) to learn more about allowed placeholders for payloads.
{% endhint %}

## In Nexthink <a href="#creatinganincidentinservicenow-innexthink" id="creatinganincidentinservicenow-innexthink"></a>

From the Nexthink web interface:

* [Configure a connector credential for the ServiceNow incident creation](#configuring-a-connector-credential-for-the-servicenow-incident-creation)
* [Configure a webhook for ServiceNow incident creation](#configuring-a-webhook-for-servicenow-incident-creation)

### Configuring a connector credential for the ServiceNow incident creation <a href="#configuring-a-connector-credential-for-the-servicenow-incident-creation" id="configuring-a-connector-credential-for-the-servicenow-incident-creation"></a>

From the [connector credential](/platform/~/changes/Sh4xqs4GDClkDKT9Hvux/integrations/outbound-connectors/connector-credentials.md) configuration page, fill out the fields using the information from the connection you created in Zoom.

1. Choose the **HTTPS** option from the **Protocol** drop-down.
2. Paste the **Create Record** URL `https://venXXXXX.service-now.com/` from [ServiceNow](#creatinganincidentinservicenow-inservicenow) into the **URL address** field.
3. Choose the **Basic** option from the **Authorization** drop-down.
4. Enter a **Username** and **Password** to connect to the third-party tool.
5. **Save** the credential.

### Configuring a webhook for ServiceNow incident creation <a href="#configuring-a-webhook-for-servicenow-incident-creation" id="configuring-a-webhook-for-servicenow-incident-creation"></a>

From the [webhook configuration page](/platform/~/changes/Sh4xqs4GDClkDKT9Hvux/integrations/outbound-connectors/webhooks/managing-webhooks.md#managingwebhooks-creatinganewwebhook), fill out the fields using the information from the [ServiceNow](#creatinganincidentinservicenow-inservicenow) REST API Explorer setup.

1. Fill in the **NQL Condition** following the [Configuring webhook NQL conditions](/platform/~/changes/Sh4xqs4GDClkDKT9Hvux/integrations/outbound-connectors/webhooks/managing-webhooks/configuring-webhook-nql-conditions.md) documentation. See the query below.
   * After filling in the NQL Condition, the system lists the [allowed placeholders](/platform/~/changes/Sh4xqs4GDClkDKT9Hvux/integrations/outbound-connectors/webhooks/managing-webhooks/configuring-webhook-fields_-method-resource-and-payload.md#configuringwebhookfields-method-resource-andpayload-usingdatamodelvariablesasplaceholdersinthepayloa) for the **Payload**.&#x20;

```
alert.alerts
| list alert.monitor.name, alert.status, monitor.tags, alert.context, trigger_time, recovery_time, alert.monitor.thresholds, monitor.priority, alert.trigger_values, alert.trigger_reference_value, alert.recovery_values, alert.context, device_view_link, issue_view_link, device.name
```

2. Choose the connector credential you created for Zoom from the **Credentials** drop-down.
3. Select the **POST** from the **Method** drop-down.
4. Copy and paste into the **Resource** field, the **Create Record** URL from ServiceNow without the URL address. For example: `api/now/table/incident`
   * Remember to replace the `{tableName}` with the selected **Query parameters** for the **tableName** in ServiceNow. In this case, `incident`.
5. Paste the **Payload** field with the **Request Body** created in ServiceNow. No formatting is needed. See example below:

```
{
  "short_description":"This is an issue created by a Nexthink Alert",
  "description":"Nexthink Alert {{alert.monitor.name}} has been triggered",
  "impact":"2",
  "urgency":"2",
  "cmdb_ci":"{{device.device.name}}",
  "caller_id":"Nexthink Integration"
}
```

{% hint style="info" %}
Refer to the [Configuring webhook fields: Method, Resource, and Payload](/platform/~/changes/Sh4xqs4GDClkDKT9Hvux/integrations/outbound-connectors/webhooks/managing-webhooks/configuring-webhook-fields_-method-resource-and-payload.md#configuringwebhookfields-method-resource-andpayload-usingdatamodelvariablesasplaceholdersinthepayloa) to learn more about allowed placeholders for payloads.
{% endhint %}


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.nexthink.com/platform/~/changes/Sh4xqs4GDClkDKT9Hvux/integrations/outbound-connectors/webhooks/webhook-use-cases-setup/creating-an-incident-in-servicenow.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.