Share a Tip
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to send Severity Levels of CUSTOM events in http request Template to Incident Management Apps

Sunil_Agarwal
Communicator
‎04-02-2023 09:42 AM

It's important to ensure that the severity levels of custom events are properly communicated to Incident management apps (like ServiceNow) for effective incident management.

image.png

Here is the Code Snippet to  send Severity of custom events in http request.

#if($event.eventType == "CUSTOM")
     #if($latestEvent.severity == "INFO")
        ,"severity": "0"
     #elseif($latestEvent.severity =="WARN" )
	,"severity": "1"
     #elseif($latestEvent.severity == "ERROR" )
	,"severity": "3"
#end

Note:  Use the Severity Level number based on severity level defined in destination Incident Management App.

Reply

Pranaychandra_R
Explorer
‎06-01-2024 05:28 PM

@Sunil.Agarwal 

I am dealing with a similar issue 

we use a HTTP template that works for the health rule based events to call webex and opsgenie but work work for custom events ,it is failing with the 400 error .

at this point my theory is the template variable exposed by the custom event and the healthrule-based event are not the same and as a result, the HTTP template used for the healthrule-based event is not working for the custom event

any thoughts?  on this also any documentation for the custom events related template variables ?

0 Karma
Reply

Sunil_Agarwal
Communicator
‎06-10-2024 04:04 PM

Hi @Pranaychandra.Ravi ,
For the CUSTOM event, the eventType will be "CUSTOM," which can be used for further validation. Other variables shouldn't cause any issues.   However, from your question, I couldn't determine which parameter is causing the issue when it receive atOPsGenie end. If you could share the HTTP template with us, I would be happy to review it to identify the problematic parameter.
Additionally, is there any way to determine why Webex and Opsgenie are unable to process this? What response are they expecting that is missing in the CUSTOM Events scenarios?

Here is the page with list of Predefined Templating Variables - https://docs.appdynamics.com/appd/24.x/24.6/en/cisco-appdynamics-essentials/alert-and-respond/action... 

The template uses Apache Velocity version 1.7 to process the variables. See the Velocity User Guide for details about usage.

Reply
Get Updates on the Splunk Community!

Splunk MCP & Agentic AI: Machine Data Without Limits

  Discover how the Splunk Model Context Protocol (MCP) Server can revolutionize the way your organization ...

Finding Based Detections General Availability

Overview  We’ve come a long way, folks, but here in Enterprise Security 8.4 I’m happy to announce Finding ...

Get Your Hands Dirty (and Your Shoes Comfy): The Splunk Experience

Hands-On Learning and Technical Seminars  Sometimes, you just need to see the code. For those looking for a ...