Share a Tip
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How to send Severity Levels of CUSTOM events in http request Template to Incident Management Apps

Sunil_Agarwal
Communicator
‎04-02-2023 09:42 AM

It's important to ensure that the severity levels of custom events are properly communicated to Incident management apps (like ServiceNow) for effective incident management.

image.png

Here is the Code Snippet to  send Severity of custom events in http request.

#if($event.eventType == "CUSTOM")
     #if($latestEvent.severity == "INFO")
        ,"severity": "0"
     #elseif($latestEvent.severity =="WARN" )
	,"severity": "1"
     #elseif($latestEvent.severity == "ERROR" )
	,"severity": "3"
#end

Note:  Use the Severity Level number based on severity level defined in destination Incident Management App.

Reply

Pranaychandra_R
Explorer
‎06-01-2024 05:28 PM

@Sunil.Agarwal 

I am dealing with a similar issue 

we use a HTTP template that works for the health rule based events to call webex and opsgenie but work work for custom events ,it is failing with the 400 error .

at this point my theory is the template variable exposed by the custom event and the healthrule-based event are not the same and as a result, the HTTP template used for the healthrule-based event is not working for the custom event

any thoughts?  on this also any documentation for the custom events related template variables ?

0 Karma
Reply

Sunil_Agarwal
Communicator
‎06-10-2024 04:04 PM

Hi @Pranaychandra.Ravi ,
For the CUSTOM event, the eventType will be "CUSTOM," which can be used for further validation. Other variables shouldn't cause any issues.   However, from your question, I couldn't determine which parameter is causing the issue when it receive atOPsGenie end. If you could share the HTTP template with us, I would be happy to review it to identify the problematic parameter.
Additionally, is there any way to determine why Webex and Opsgenie are unable to process this? What response are they expecting that is missing in the CUSTOM Events scenarios?

Here is the page with list of Predefined Templating Variables - https://docs.appdynamics.com/appd/24.x/24.6/en/cisco-appdynamics-essentials/alert-and-respond/action... 

The template uses Apache Velocity version 1.7 to process the variables. See the Velocity User Guide for details about usage.

Reply
Get Updates on the Splunk Community!

Get Schooled with Splunk Education: Explore Our Latest Courses

At Splunk Education, we’re dedicated to providing incredible learning experiences that cater to every skill ...

Splunk AI Assistant for SPL | Key Use Cases to Unlock the Power of SPL

Splunk AI Assistant for SPL | Key Use Cases to Unlock the Power of SPL  The Splunk AI Assistant for SPL ...

Buttercup Games: Further Dashboarding Techniques (Part 5)

This series of blogs assumes you have already completed the Splunk Enterprise Search Tutorial as it uses the ...