Splunk AppDynamics
×
Are you a member of the Splunk Community?
Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
- Find Answers
- :
- Splunk Platform
- :
- Splunk AppDynamics
- :
- ServiceNow integration - REST API
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
ServiceNow integration - REST API
CommunityUser
Splunk Employee
01-15-2019
03:22 AM
Hello Community and a Happy New Year
Is there a way to configure a http request template to be able to close an existing servicenow incident on Health Rule Violation Ending by locating an existing record using the sys_id ?
Post /api/now/table/incident
Put /api/now/table/incident/{sys_id}
thanks
Steve
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
CommunityUser
Splunk Employee
01-16-2019
02:48 PM
Hello, Steven. Normally customers use an event management system, for this reason, otherwise, your ticket may get extremely cluttered or you will end up with a lot of duplicate tickets. We do not have an integration which does what you are asking, but if you look at how we integrate with ServiceNow Event Management you can likely derive a new HTTP Action template from the concept using the table API.
#set($controllerName="demo1.appdynamics.com")
{
"records":[
#foreach(${event} in ${fullEventList})
#foreach(${entity} in ${event.affectedEntities})
#if($foreach.index > 0)
,
#end
{
"source": "AppDynamics"
,"event_class": "$controllerName"
,"x_apd_appdynamics_event_source_url": "$event.deepLink"
#if( $entity.entityTypeDisplayName == "Node" )
,"node": "$entity.name"
, "resource": "$entity.name"
, "ci_type": "x_apd_appdynamics_node"
,"ci_identifier" :{
"name":"$entity.name",
"tier_name":"$event.tier.name",
"application_name":"$event.application.name",
"controller_name": "$controllerName"
}
#elseif( $entity.entityTypeDisplayName == "Tier" )
,"node": "$entity.name"
, "resource": "$entity.name"
, "ci_type": "x_apd_appdynamics_tier"
,"ci_identifier" :{
"name":"$entity.name",
"application_name":"$event.application.name",
"controller_name": "$controllerName"
}
#elseif( $entity.entityTypeDisplayName == "Application" )
,"node": "$entity.name"
, "resource": "$entity.name"
, "ci_type": "x_apd_appdynamics_application"
,"ci_identifier" :{
"name":"$event.application.name",
"controller_name": "$controllerName"
}
#elseif( $entity.entityTypeDisplayName == "Business Transaction" )
, "ci_type": "x_apd_appdynamics_tier"
, "resource": "$entity.entityTypeDisplayName - $entity.name"
,"node": "$event.tier.name"
,"ci_identifier" :{
"name":"$event.tier.name",
"application_name":"$event.application.name",
"controller_name": "$controllerName"
}
#elseif( $entity.entityTypeDisplayName == "Service Endpoint" )
, "ci_type": "x_apd_appdynamics_tier"
, "resource": "$entity.entityTypeDisplayName - $entity.name"
,"node": "$event.tier.name"
,"ci_identifier" :{
"name":"$event.tier.name",
"application_name":"$event.application.name",
"controller_name": "$controllerName"
}
#elseif( $entity.entityTypeDisplayName == "Backend" )
, "ci_type": "x_apd_appdynamics_remote_service"
, "resource": "$entity.entityTypeDisplayName - $entity.name"
,"node": "$entity.name"
,"ci_identifier" :{
"name":"$entity.name",
"application_name":"$event.application.name",
"controller_name": "$controllerName"
}
#else
#if($event.node)
, "ci_type": "x_apd_appdynamics_node"
, "resource": "$entity.entityTypeDisplayName - $entity.name"
,"node": "$event.node.name"
,"ci_identifier" :{
"name":"$event.node.name",
"tier_name":"$event.tier.name",
"application_name":"$event.application.name",
"controller_name": "$controllerName"
}
#elseif($event.tier)
, "ci_type": "x_apd_appdynamics_tier"
, "resource": "$entity.entityTypeDisplayName - $entity.name"
,"node": "$event.tier.name"
,"ci_identifier" :{
"name":"$event.tier.name",
"application_name":"$event.application.name",
"controller_name": "$controllerName"
}
#elseif($event.application)
, "ci_type": "x_apd_appdynamics_application"
, "resource": "$entity.entityTypeDisplayName - $entity.name"
,"node": "$event.application.name"
,"ci_identifier" :{
"name":"$event.application.name",
"controller_name": "$controllerName"
}
#else
, "node": "$entity.name"
, "resource": "$entity.entityTypeDisplayName - $entity.name"
#end
#end
#if($event.healthRule)
,"metric_name" : "$event.healthRule.name"
#set( $msg=$event.healthRule.name)
#else
#set( $msg="")
#end
#set( $msg=$msg + ". " + ${event.eventMessage})
#set( $msg = $msg.replace("<b>", "") )
#set( $msg = $msg.replace("</b>", "") )
#set( $msg = $msg.replace("<br>", "") )
,"description" : "$msg"
#if($event.eventType == "POLICY_OPEN_WARNING"
|| $event.eventType == "POLICY_CONTINUES_WARNING"
|| $event.eventType == "POLICY_DOWNGRADED")
,"severity": "2"
#elseif($event.eventType == "POLICY_OPEN_CRITICAL"
|| $event.eventType == "POLICY_CONTINUES_CRITICAL"
|| $event.eventType == "POLICY_UPGRADED")
,"severity": "1"
#elseif($event.eventType == "POLICY_CLOSE_WARNING"
|| $event.eventType == "POLICY_CLOSE_CRITICAL"
|| $event.eventType == "POLICY_CANCELED_WARNING"
|| $event.eventType == "POLICY_CANCELED_CRITICAL")
,"severity": "0"
#end
}
#end
#end
]
}
Get Updates on the Splunk Community!
Manual Instrumentation with Splunk Observability Cloud: The What and Why
If you've ever worked with distributed systems, you’ve likely felt the pain of a frontend throwing errors, ...
Full-Stack Security in Financial Services: AppDynamics, Cisco Secure Application, and ...
Full-Stack Security in Financial Services: AppDynamics, Cisco Secure Application, and Splunk ES
Protecting a ...
It's Customer Success Time at .conf25
Hello Splunkers,
Ready for .conf25? The customer success and experience team is and can’t wait to see you ...
