Share a Tip
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to send Severity Levels of CUSTOM events in http request Template to Incident Management Apps

Sunil_Agarwal
Communicator
‎04-02-2023 09:42 AM

It's important to ensure that the severity levels of custom events are properly communicated to Incident management apps (like ServiceNow) for effective incident management.

image.png

Here is the Code Snippet to  send Severity of custom events in http request.

#if($event.eventType == "CUSTOM")
     #if($latestEvent.severity == "INFO")
        ,"severity": "0"
     #elseif($latestEvent.severity =="WARN" )
	,"severity": "1"
     #elseif($latestEvent.severity == "ERROR" )
	,"severity": "3"
#end

Note:  Use the Severity Level number based on severity level defined in destination Incident Management App.

Reply

Pranaychandra_R
Explorer
‎06-01-2024 05:28 PM

@Sunil.Agarwal 

I am dealing with a similar issue 

we use a HTTP template that works for the health rule based events to call webex and opsgenie but work work for custom events ,it is failing with the 400 error .

at this point my theory is the template variable exposed by the custom event and the healthrule-based event are not the same and as a result, the HTTP template used for the healthrule-based event is not working for the custom event

any thoughts?  on this also any documentation for the custom events related template variables ?

0 Karma
Reply

Sunil_Agarwal
Communicator
‎06-10-2024 04:04 PM

Hi @Pranaychandra.Ravi ,
For the CUSTOM event, the eventType will be "CUSTOM," which can be used for further validation. Other variables shouldn't cause any issues.   However, from your question, I couldn't determine which parameter is causing the issue when it receive atOPsGenie end. If you could share the HTTP template with us, I would be happy to review it to identify the problematic parameter.
Additionally, is there any way to determine why Webex and Opsgenie are unable to process this? What response are they expecting that is missing in the CUSTOM Events scenarios?

Here is the page with list of Predefined Templating Variables - https://docs.appdynamics.com/appd/24.x/24.6/en/cisco-appdynamics-essentials/alert-and-respond/action... 

The template uses Apache Velocity version 1.7 to process the variables. See the Velocity User Guide for details about usage.

Reply
Get Updates on the Splunk Community!

Uncovering Multi-Account Fraud with Splunk Banking Analytics

Last month, I met with a Senior Fraud Analyst at a nationally recognized bank to discuss their recent success ...

Secure Your Future: A Deep Dive into the Compliance and Security Enhancements for the ...

What has been announced?  In the blog, “Preparing your Splunk Environment for OpensSSL3,”we announced the ...

New This Month in Splunk Observability Cloud - Synthetic Monitoring updates, UI ...

This month, we’re delivering several platform, infrastructure, application and digital experience monitoring ...