Share a Tip

How to send Severity Levels of CUSTOM events in http request Template to Incident Management Apps

Sunil_Agarwal
Communicator

It's important to ensure that the severity levels of custom events are properly communicated to Incident management apps (like ServiceNow) for effective incident management.

image.png

Here is the Code Snippet to  send Severity of custom events in http request.

#if($event.eventType == "CUSTOM")
     #if($latestEvent.severity == "INFO")
        ,"severity": "0"
     #elseif($latestEvent.severity =="WARN" )
	,"severity": "1"
     #elseif($latestEvent.severity == "ERROR" )
	,"severity": "3"
#end

Note:  Use the Severity Level number based on severity level defined in destination Incident Management App.

Pranaychandra_R
Explorer

@Sunil.Agarwal 

I am dealing with a similar issue 

we use a HTTP template that works for the health rule based events to call webex and opsgenie but work work for custom events ,it is failing with the 400 error .

at this point my theory is the template variable exposed by the custom event and the healthrule-based event are not the same and as a result, the HTTP template used for the healthrule-based event is not working for the custom event

any thoughts?  on this also any documentation for the custom events related template variables ?

0 Karma

Sunil_Agarwal
Communicator

Hi @Pranaychandra.Ravi ,
For the CUSTOM event, the eventType will be "CUSTOM," which can be used for further validation. Other variables shouldn't cause any issues.   However, from your question, I couldn't determine which parameter is causing the issue when it receive atOPsGenie end. If you could share the HTTP template with us, I would be happy to review it to identify the problematic parameter.
Additionally, is there any way to determine why Webex and Opsgenie are unable to process this? What response are they expecting that is missing in the CUSTOM Events scenarios?

Here is the page with list of Predefined Templating Variables - https://docs.appdynamics.com/appd/24.x/24.6/en/cisco-appdynamics-essentials/alert-and-respond/action... 

The template uses Apache Velocity version 1.7 to process the variables. See the Velocity User Guide for details about usage.

Get Updates on the Splunk Community!

Fueling your curiosity with new Splunk ILT and eLearning courses

At Splunk Education, we’re driven by curiosity—both ours and yours! That’s why we’re committed to delivering ...

Splunk AI Assistant for SPL 1.1.0 | Now Personalized to Your Environment for Greater ...

Splunk AI Assistant for SPL has transformed how users interact with Splunk, making it easier than ever to ...

Unleash Unified Security and Observability with Splunk Cloud Platform

     Now Available on Microsoft AzureOn Demand Now Step boldly into the AI revolution with enhanced security ...