ServiceNow

Use the ServiceNow Integration v2 to automatically create tickets in ServiceNow based on the high-level incidents in BigPanda. The ServiceNow Integration v2 includes several enhancements over the prior version.

Supported Versions:
Madrid, London, Kingston, Jakarta, Istanbul, Helsinki, Geneva, Fuji

Type:
API

Key Features

The ServiceNow Integration v2 includes these key features.

  • Updates ServiceNow incidents regularly— If changes occur to the alerts on open incidents, BigPanda updates the corresponding incidents in ServiceNow. Updates are sent every 5 minutes, by default.

  • Shares detailed data with ServiceNow—BigPanda adds incident details to the activity log by default and exposes additional data fields that you can use to customize the record in ServiceNow. See Data Shared with ServiceNow.

  • Provides customization options—You can choose to use a different table, share custom data, or transform shared data in ServiceNow. See Customizing the ServiceNow Integration.

Upgrading the Integration

For BigPanda customers that are already using the prior version of the integration, you must upgrade the integration to use these features.

  1. Go to the ServiceNow App Store and download the latest version of the BigPanda app.
  2. If you want to use the incident updates feature or the alert detail list, contact BigPanda support. The BigPanda support team will enable it for you.

Installing the Integration

Administrators can install the integration by following the on-screen instructions in BigPanda. For more information, see Installing an Integration

Data Shared with ServiceNow

When a BigPanda incident is shared with ServiceNow, the integration creates a new record in ServiceNow and adds incident details to the activity log. The integration also exposes additional data fields that you can use to customize the record in ServiceNow. If changes occur to the alerts on open incidents, BigPanda updates the corresponding incidents in ServiceNow. Updates are sent every 5 minutes, by default.

Data Shared by Default

By default, the integration to ServiceNow populates the activity log with the following template:

The incident has (X) Active Alerts (X total) coming from <Incident Title in BigPanda>
Alerts: X Criticals, X Warnings, X Resolved

Message: <from Share dialog>
Incident was <manually/auto> shared by <BigPanda User>

Go to the <Incident Preview Page link>
Investigate in the <BigPanda console link>
See the <Incident Timeline link>

Additional Data Fields from BigPanda

The integration exposes these additional data fields from BigPanda in the default WSDL. ServiceNow administrators can leverage these fields in the transform map to further enrich and customize the incident in ServiceNow. If you want to use any of these fields, the ServiceNow administrator must modify the web service for BigPanda to add a new field with the exact field name listed below.

Field
Description

u_bp_incident_status

Status of the incident in BigPanda (string; critical, warning, ok).

u_bp_incident_start

Start time of the incident in unix milliseconds format (number; for example: 1437922629).

u_bp_primary_objects

Comma-separated string of the primary objects in the incident that have active alerts. For example, a list of hosts or services, such as "host1,host2,host24".

u_bp_primary_object_type

Type of the primary objects (for example: "host" or "service").

u_bp_secondary_objects

Comma-separated string of the secondary objects in the incident that have active alerts. For example, a list of checks: "high cpu, load avg. is high".

u_bp_secondary_object_type

Type of the secondary objects (for example: "check" or "sensor").

u_bp_source_system

Originating data source or monitoring tool for the alerts in the BigPanda incident (for example: "Nagios - US").

u_bp_active_alerts_count

Count of the active alerts in the incident (status is not resolved).

u_bp_alerts_count

Count of all the alerts in the incident.

u_bp_alerts_statuses

Comma-separated string of the count of alerts by their status in BigPanda (for example: "3 Criticals, 2 Warnings, 20 Resolved").

u_bp_auto_shared

Indicator of whether the incident was shared manually or automatically.

u_bp_environment

(AutoShares only) Name of the BigPanda Environment in which the incident appears. If the incident appears in multiple Environments, the first Env

u_bp_preview_url

Link to the incident preview page in BigPanda. This page can be accessed without logging in and shows summary information for the incident.

u_bp_incident_url

Link to the incident in the BigPanda incident feed (requires BigPanda credentials).

u_bp_timeline_url

Link to the incident timeline in BigPanda (requires BigPanda credentials).

u_bp_alert_details

List of active alert details for the incident, including host, description, source, and status.
For optimal performance, this field is disabled by default. If you want to use this field, contact BigPanda support to enable it. Then, map the value to a field that is large enough to contain the data (for example, the Description field).

Customizing The ServiceNow Integration

You can customize the integration between BigPanda and ServiceNow to use a different table, share custom data, or transform shared data in ServiceNow.

Prerequisites

  • In BigPanda, follow the instructions to install the ServiceNow integration.

  • If you installed a previous version of the integration, upgrade to the latest version.

Using an Alternate Table in ServiceNow

By default, the BigPanda integration to ServiceNow creates new records in the Incident table. If you want to create the records in a different table, the integration can be configured to support this option. To use an alternate table, you must:

  1. Contact BigPanda support and supply the name of the table.

BigPanda needs the name of the table to properly store a reference and link to the correct record. Changing the target table in the transform map record in ServiceNow is not sufficient to configure the integration for an alternate table.

  1. If the alternate table has different field names than the Incident table, log in to ServiceNow as an administrator and map the BigPanda values to the correct fields in the Field Map.

Exposing Custom Tags and Fields

If you use custom tags or enrichments to include additional data from alert systems in BigPanda incidents, you can leverage this data in the ServiceNow incidents that BigPanda creates.

Contact BigPanda support with the names of the specific tags or enrichment fields that you want to expose in the ServiceNow integration. The BigPanda support team will add them to your integration.

Transforming Data in ServiceNow with Scripting

You may want to transform the data coming from BigPanda to conform to a desired value in the ServiceNow incident. ServiceNow can handle this logic via the scripting layer built into all parts of the product, including the transform maps. The following sample scripts demonstrate how to implement common data transformations for your BigPanda integration with ServiceNow.

Using Sample Code

These samples are meant to provide a helpful starting point for your customizations. Though you may be able to copy some of the samples and use them without modifications, ServiceNow administrators must review and test all transform scripts before using them, as per good practices.

if (source.u_bp_incident_status ==  'critical' ) {
 target.impact = 1;
}  else if (source.u_bp_incident_status ==  'warning' ) {
 target.impact = 2;
}  else {
 target.impact = 3;
}

The short description field has a maximum length of 80 characters.

var description =  '[BigPanda] ' ;
description += source.u_bp_alerts_count +  ' Alerts. ' ;
if (source.u_bp_environment) {
 description +=  ' Matching environment: ' + source.u_bp_environment;
}
target.short_description = description; 
function processHosts() {
  if (gs.nil(source.u_bp_primary_objects))
    return ;
  
  var hosts = source.u_bp_primary_objects.toString().split( "," );
  var primaryCISet = false;
  for ( var i = 0; i < hosts.length; i++) {
    gs.info( "process affected host {0}" , hosts[i]);
    var ciId = getHostCISysId(hosts[i]);
    
    // if object not found in cmdb - try to remove ".com" postfix
    if (gs.nil(ciId)) {
      if (hosts[i].endsWith( '.com' )) {
        var ciId = getHostCISysId(hosts[i].substring(0,hosts[i].length-4));
      }
    }
    
    if (!gs.nil(ciId)) {
      //set first CI in cmdb_ci field
      if (!primaryCISet) {
        target.cmdb_ci = ciId;
        target.update(); 
        primaryCISet = true;
      }
      
      //add affected CIs
      createAffectedCI(target.getUniqueValue(), ciId);
    }
  }
}
function getHostCISysId(hostname) {
  var gr =  new GlideRecord( "cmdb_ci" );
  hostname = hostname.trim();
  gr.addQuery( "name" , hostname);
  gr.query();
  gs.info( "Querying for hostname {0}: {1}={2}" , hostname, gr.getEncodedQuery(), gr.getRowCount());
  if (gr.getRowCount() == 0) {
    gs.info( "No CI found for host {0}" , hostname);
    return ;
  }
  
  if (gr.getRowCount() > 1) {
    gs.info( "More than one match found for host {0}" , hostname);
    return ;
  }
  
  //only one record so get it
  gr.next();
  gs.info( "Hostname sys id {0}={1}" ,hostname, gr.getUniqueValue() );
  return gr.getUniqueValue();
  
}
function createAffectedCI(incident, ci) {
  var gr =  new GlideRecord( "task_ci" );
  gr.addQuery( "task" , incident);
  gr.addQuery( "ci_item" , ci);
  gr.query();
  
  // create if not exist
  if (gr.getRowCount() == 0) {
    var gr2 =  new GlideRecord( "task_ci" );
    gr2.task = incident;
    gr2.ci_item = ci;
    gr2.insert();
  }
}

Add this code as an onAfterscript. It links to the CI only if it exists in the ServiceNow CMDB. Also, the script tries to match the hostname with and without the .com suffix.

Configuring Bidirectional Sync with ServiceNow

Create a bidirectional workflow between ServiceNow and BigPanda to seamlessly manage incidents. First, configure the ServiceNow Incident table to track the BigPanda Incident ID. Then, configure a business rule to resolve the BigPanda incident when the corresponding ServiceNow incident is resolved, which keeps the two workbenches in sync.

Prerequisites

  • Integrate ServiceNow in BigPanda. This integration allows you to create ServiceNow tickets based on BigPanda incidents.

  • Administrator access in ServiceNow.

Tracking the BigPanda Incident ID

  1. In ServiceNow, go to System Definition > Dictionary and open the Incident table.
  2. Create a new field called BigPanda ID.
  1. In ServiceNow, go to Transform Map and open the ShareIncident map.
  2. In the ShareIncident map, create a new Field Map.
  3. Configure the field map to populate the BigPanda Incident ID with a script.
    • Target table—Incident
    • Source table—BigPanda Incident Import
    • Target field—BigPanda ID
    • Use source script—select the check box.
    • Source script—paste the following script.
answer = (function transformEntry(source) { 

// from Big Panda

var pattern = new RegExp('.*incidents\/(.{24})','g'); 
var url = source.u_bp_incident_url;

var id = pattern.exec(url)[1]; 
gs.info("Importing row {0}, url={1}, id={2}", source.sys_import_row, url, id);

answer = id; 

return answer; 

// return the value to be put into the target field

})(source);
  1. Save the field map.

When a BigPanda incident is shared, the corresponding ServiceNow incident will now include a field that is automatically populated with the BigPanda Incident ID.\

Create a Business Rule to Resolve BigPanda Incidents

  1. In ServiceNow, go to Business Rules, and create a new rule.
  2. In the Name field, enter Resolve BigPanda Incident.
  3. In the Table field, select Incident.
  4. Select the Active and Advanced check boxes.
  5. In the When to run section, set When to after and Order to 100.
  6. Select the Update check box.
  7. Add a Filter Condition to specify the following condition.

    • BigPanda ID is not empty

    • State changes to Resolved

  8. In the Advanced section, create a new Condition called gs.isInteractive().
    9.I n the Script field, paste the following script.

function onAfter(current, previous) {
    //This function will be automatically called when this rule is processed.
    var rm = new sn_ws.RESTMessageV2();
    rm.setHttpMethod("post");
    rm.setHttpTimeout(5000);
    rm.setRequestHeader("Authorization", "Bearer ${token}");
    rm.setRequestHeader("Content-Type", "application/json");
    rm.setEndpoint("https://api.bigpanda.io/resources/v1.0/incidents/" + current.u_bigpanda_id);

    rm.setRequestBody('{"resolved" :true, "comments":"from ServiceNow"}');
    var response = rm.executeAsync();
    var status = response.getStatusCode()
    gs.info("Resolve BigPanda Incident response:" + status);
    gs.addInfoMessage("Setting BigPanda incident to resolved");
}

Replace ${token} with the corresponding bearer token in your BigPanda instance (contact BigPanda Support for this information). For example:
rm.setRequestHeader("Authorization", "Bearer a62g98113ac271049e370512a2f24fs9");

  1. Save the business rule.

The following screenshot demonstrates how the completed business rule looks.

When a BigPanda-generated incident is resolved in ServiceNow, the business rule will resolve the corresponding incident in BigPanda by using the Incidents API.

Testing the Integration

  1. Share an incident from BigPanda to ServiceNow to ensure that the collaboration integration works as desired.
  2. Open the shared incident in ServiceNow and verify that the BigPanda ID field is correctly populated with the BigPanda incident ID.
  3. Resolve the incident in ServiceNow.
  4. Verify that the incident is resolved in BigPanda.

Uninstalling ServiceNow

You must delete the BigPanda app from your ServiceNow instance to stop receiving incidents from BigPanda.

Procedure

  1. Log in to ServiceNow as an administrator.
  2. Go to System Applications > Applications.
  3. Click Downloads.
  4. Open the BigPanda application record.
  5. Click Delete and confirm the deletion.

Post-Requisties

  • Delete the integration in BigPanda to remove the ServiceNow integration from your UI.
  • (Optional) Delete any shared data that was posted in ServiceNow. For example, close any incident records opened by BigPanda.

ServiceNow


Use the ServiceNow Integration v2 to automatically create tickets in ServiceNow based on the high-level incidents in BigPanda. The ServiceNow Integration v2 includes several enhancements over the prior version.

Suggested Edits are limited on API Reference Pages

You can only suggest edits to Markdown body content, but not to the API spec.