Support Center Home

ServiceNow (Incident Management) Integration


Your LogicMonitor account comes ready to integrate alert messages with your ServiceNow account. The bidirectional integration enables LogicMonitor to open, update and close ServiceNow incidents based on LogicMonitor alerts. By sending alerts from LogicMonitor into ServiceNow, you can take advantage of ServiceNow’s alerting platform features to increase uptime of your apps, servers, websites, and databases. ServiceNow users can also acknowledge an alert directly from an incident in ServiceNow.

Note: This integration requires ServiceNow Enterprise. For a list of compatible ServiceNow versions, see product details for this integration at the ServiceNow store.

As discussed in the following sections, setup of this integration requires:

  1. Installation of the LogicMonitor Incident Management Integration from the ServiceNow store.
  2. Configuration of the integration within LogicMonitor
  3. Configuration of alert rule/escalation chain to deliver alert data to the integration
  4. Configuration of ServiceNow (optional) to include acknowledge option on incident form

Installing and Configuring the LogicMonitor Incident Management Integration

  1. Click the GET button on the LogicMonitor Store page.
  2. Accept ServiceNow’s Notice by clicking Continue
  3. Note the Dependencies and Continue if they apply to your environment
    • For the Entitlement Section choose to make the application available to all instances or just specific ones.  (NOTE: This step does not install the application, it just makes it available for install later.)
    • Accept the ServiceNow Terms
    • Click GET
  4. Login to your ServiceNow instance
  5. Navigate to System Applications | Applications
  6. The LogicMonitor Incident Management application should be available in the Downloads section.  Click Install to add the application to your instance.

After the application is installed you will need to provide account details for ServiceNow to automatically acknowledge alerts:

  1. Navigate to LogicMonitor Incident Management | Setup | Properties
  2. Set values for:
    • LogicMonitor Account Name
    • API Access ID*
    • API Access Key*
  3. Click Save

*As discussed in API Tokens, API tokens for LogicMonitor’s REST API are created and managed from the User Access page in the LogicMonitor platform.


Configuring the Integration in LogicMonitor

You can enable the ServiceNow Integration in your account from Settings | Integrations.  Select Add and then ServiceNow:


Your ServiceNow subdomain.  You can find this in your ServiceNow portal URL.  For example, if your ServiceNow portal url is, your subdomain would be dev.


The username associated with the ServiceNow account you’d like LogicMonitor to use to open, update and close ServiceNow incidents. Ensure that this user account is assigned the “LogicMonitor Integration” (x_lomo_lmint.LogicMonitor Integration) role, which was automatically added to your ServiceNow instance as part of the LogicMonitor application installation performed in step 1.


The password associated with the ServiceNow username you specified.

ServiceNow Default Settings

The ServiceNow Settings section enables you to configure how incidents are created in ServiceNow for LogicMonitor alerts.

ServiceNow Default Settings


The ServiceNow company that incidents will be created for.

Note: If you’d like to create, update and delete tickets across multiple ServiceNow companies, you can do that by setting the following property on the device whose alerts should trigger a new or change to existing ServiceNow incident:

When an alert is triggered and routed to the ServiceNow Integration, LogicMonitor will first check to see if this property exists for the device associated with the alert. If it does exist, its value will be used instead of the value set in the Integration form.

Due Date

This field will determine how LogicMonitor sets the due date of the incidents in ServiceNow. Specifically, the ServiceNow incident due date will be set to the number of days you set this field to.

ServiceNow Severities

Indicate how the LogicMonitor alert severities should map to incidents created in your ServiceNow portal.

Note: This mapping determines severity level only for the ServiceNow incident. It does not play a role in determining the incident’s priority level.

ServiceNow status

Indicate how the LogicMonitor alert statuses should update the incidents created in your ServiceNow portal.

HTTP Delivery

The HTTP Delivery section controls how LogicMonitor formats and sends the HTTP requests to create, update and/or close incidents. You shouldn’t need edit to anything in the HTTP Delivery section, but if you wish to customize something you can use the information in the following sections to guide you.  If not, you can save the integration now and proceed to the Configuring Alert Rule and Escalation Chain section.

By default, LogicMonitor will pre-populate four different HTTP requests, one for each of:

  • new alerts (Active)
  • acknowledged alerts (Acknowledged)
  • cleared alerts (Cleared)
  • escalated alerts (Escalated)

For each request you can select which alert statuses should trigger the HTTP request.  Requests will be sent for new alerts (status: Active), and can additionally be sent for alert acknowledgements (status: Acknowledged), clears (status: Cleared) and escalations/de-escalations (status: Escalated).  Note that each alert status can only be associated with one request.  Since LogicMonitor auto-populates a different request for each alert status by default, you’ll have to delete a request in order to see the option to include that alert status in a different request.

HTTP Method

The HTTP method for ServiceNow integrations is restricted to POST and PUT.


The URL that the HTTP request should be made to.  This field is auto-populated based on information you’ve provided.

Alert Data

The custom formatted alert data to be send in the HTTP request (used to create, update and close ServiceNow incidents).  This field will be auto-populated for you.  If desired, you can customize the alert data field using tokens.

Test Alert Delivery

This option sends a test alert and provides the response, enabling you to test whether you’ve configured the integration correctly.

Tokens Available

The following tokens are available:

  • LogicModule-specific alert message tokens, as listed in Tokens Available in LogicModule Alert Messages.
  • ##ADMIN##. The user the alert was escalated to.
  • ##MESSAGE##. The rendered text of the alert message. This token will also pass all relevant acked information (e.g. the user that acknowledged the alert, ack comments, etc.).
  • ##ALERTTYPE##. The type of alert (i.e. alert, eventAlert, batchJobAlert, hostClusterAlert, websiteAlert, agentDownAlert, agentFailoverAlert, agentFailBackAlert, alertThrottledAlert).
  • ##EXTERNALTICKETID##. The ServiceNow incident ID.

Configuring Alert Rule and Escalation Chain

Alert rules and escalation chains are used to deliver alert data to your ServiceNow integration. When configuring these, there a few guidelines to follow to ensure tickets are opened, updated, and closed as expected within ServiceNow. These guidelines are discussed in Alert Integrations Overview.

Adding Acknowledge Option to ServiceNow Incident Form

Enable Acknowledge Field on Incident Forms (optional)

In addition to the base setup it is recommended to add the LogicMonitor Alert Acknowledge field to an Incident View.  This check box will allow technicians to acknowledge LogicMonitor alerts from ServiceNow.

  1. As a ServiceNow administrator open an incident form.
  2. Click the Menu button > Configure > Form Design:

3. Drag “LogicMonitor Alert Acknowledge” to the appropriate section of your form.

Additional ServiceNow solutions can be found in our Communities and Blog Posts that demonstrate custom implementations using the LogicMonitor Marketplace application as a base.

In This Article