Hi community!

when using the snowincident action with the NEAP the correlation_id of the created or updated incident is the Episode group id "itsi_group_id" which makes sense as the TA adds the link to the incident for a newly created incident in the ITSI ticketing lookup.

In our case the Episode creates an alert in ITOM Health via the snowevent action, once the alert is created it is added to the ITSI ticketing lookup via a custom command. For alerts we drive the message key field in ITOM health the keep the Episode and alert together.

When an incident is created in ITOM Health we also add the incident to the Episode. Now, the issue is that we cannot make the snowincident action to use the correlation_id to work. It always takes the itsi_group_id. We tried changing the stanza in the notable_events_actions.conf but this is ignored. We do not even know if it would have unwanted side effects as it is recommended to not change that setting.

From the stanza:
correlation_value_for_group = $result.correlation_id$

In case this is not possible to configure, where is the place in the snowincident.py, snow_ticket.py to best drive the payload send to ServiceNow incident table so that it takes the correlation_id from the params and keeps the itsi_group_id for the rest?

As a workaround I have started building an alert action using the incident table endpoint together with the sys_id of the incident.

Thank for your help

Peter