Alerts to ServiceNow Generic Pipeline

sajmeister · February 6, 2024, 12:56pm

Hi,

We use the free edition of Elasticsearch and don't use watchers. Would like to know is there a generic pipeline code that can be used to send alerts to ServiceNow ? If yes, please provide code so can test it.

Cheers

Saj

sajmeister · February 9, 2024, 11:23am

Has anyone done a logstash pipeline to send alerts to SNOW without the use of Watchers ? Is licensed version the only route ? It appears from talking to my colleagues translating what a Watcher does to Logstash pipeline is complicated.

leandrojmp · February 9, 2024, 11:37am

What have you tried? What kind of alert do you want? Did you create any rule in Kibana?

You can create a Kibana rule and use the index action to index this alerts to an specific index, then you can have a logstash pipeline using the elasticsearch input to query this specific index and using the http output to send out this alerts to any http endpoint.

Or you can also use a third-party tool like ElastAlert2 to do that.

sajmeister · February 12, 2024, 12:49pm

Created a snow_index_connector which writes to an index called 'alerts_to_snow'. Connector uses '@timestamp' as time field.
We have a rule called 'cpu_monitoring' for test purposes and set a condition to produce alert when CPU is above 1% and checks every minute. Alert Actions calls the 'snow_index_connector' and we have a number of variables set which get applied to the documents in index. Example variables to a name a couple are 'snow_event.snow_event_number', 'snow_event.eventSender'.

We have a logstash pipeline called 'alert_to_snow_open.cfg'. Within this pipeline we have configured it to point a test ServiceNow and it uses a SOAP connection. We are are using a static CSV file for our CMDB for this testing. Pipeline also has a soap body XML section with various key value fields to populate the trouble ticket. The pipeline executes ok but then we don't see any ticket logged or any diagnostic info to tell us what the problem is.

I can try to send you the pipeline assuming I can get it out of our secure environment and sanitize it.

sajmeister · February 12, 2024, 12:50pm

Forgot to mention we have used SOAPUI and populated the variables manually and can create a trouble ticket to our test ServiceNow.

system · March 11, 2024, 12:51pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.