ServiceNow (Incident Management) Integration

Your LogicMonitor account comes ready to integrate alert messages with your ServiceNow account. The bidirectional integration enables LogicMonitor to open, update and close ServiceNow incidents based on LogicMonitor alerts. By sending alerts from LogicMonitor into ServiceNow, you can take advantage of ServiceNow’s alerting platform features to increase uptime of your apps, servers, websites, and databases. ServiceNow users can also acknowledge an alert directly from an incident in ServiceNow. 

You can use the LogicMonitor ServiceNow integration to create, update and close ServiceNow incidents in response to alerts triggered in your account.  You'll need to:

  1. Install the LogicMonitor/ServiceNow application from this link.
  2. Enable the ServiceNow integration in your LogicMonitor account
  3. Add the ServiceNow integration as the contact method for a recipient in an escalation chain
  4. Add the escalation chain to an alert rule

When a triggered alert matches the alert rule and is routed to the escalation chain with the ServiceNow integration, an incident will be created in your ServiceNow account.  The ticket can then be updated and/or closed when the alert is acknowledged, escalated, de-escalated and/or cleared. 

Before you proceed setting-up the ServiceNow integration, please be aware that this integration requires ServiceNow Enterprise and is compatible with the following ServiceNow versions:

  • Madrid
  • London
  • Kingston
  • Jakarta

1. Download and configure LogicMonitor application from ServiceNow Store

  • Click the GET button on the LogicMonitor Store page.
  • Accept ServiceNow’s Notice by clicking Continue
  • Note the Dependencies and Continue if they apply to your environment
    • For the Entitlement Section choose to make the application available to all instances or just specific ones.  (NOTE: This step does not install the application, it just makes it available for install later.)
    • Accept the ServiceNow Terms
    • Click GET
  • Login to your ServiceNow instance
  • Navigate to System Applications | Applications
  • The LogicMonitor Incident Management application should be available in the Downloads section.  Click Install to add the application to your instance.

After the application is installed you will need to provide account details for ServiceNow to automatically acknowledge alerts:

  • Navigate to LogicMonitor Incident Management | Setup | Properties
  • Set values for:
    • LogicMonitor Account Name
    • API Access ID*
    • API Access Key*
  • Click Save
*Documentation for API Only users and keys can be found here.


2. Enable the ServiceNow Integration in your LogicMonitor Account 

You can enable the ServiceNow Integration in your account from Settings | Integrations.  Select Add and then ServiceNow: 


Your ServiceNow subdomain.  You can find this in your ServiceNow portal URL.  For example, if your ServiceNow portal url is, your subdomain would be dev.


The username associated with the ServiceNow account you'd like LogicMonitor to use to open, update and close ServiceNow incidents. Ensure that this user account is assigned the "LogicMonitor Integration" (x_lomo_lmint.LogicMonitor Integration) role, which was automatically added to your ServiceNow instance as part of the LogicMonitor application installation performed in step 1.


The password associated with the ServiceNow username you specified.

ServiceNow Default Settings

The ServiceNow Settings section enables you to configure how incidents are created in ServiceNow for LogicMonitor alerts.

ServiceNow Default Settings


The ServiceNow company that incidents will be created for.

Note: If you'd like to create, update and delete tickets across multiple ServiceNow companies, you can do that by setting the following property on the device whose alerts should trigger a new or change to existing ServiceNow incident:

When an alert is triggered and routed to the ServiceNow Integration, LogicMonitor will first check to see if this property exists for the device associated with the alert. If it does exist, its value will be used instead of the value set in the Integration form.

Due Date

This field will determine how LogicMonitor sets the due date of the incidents in ServiceNow. Specifically, the ServiceNow incident due date will be set to the number of days you set this field to.

ServiceNow Severities

Indicate how the LogicMonitor alert severities should map to incidents created in your ServiceNow portal.

Note: This mapping determines severity level only for the ServiceNow incident. It does not play a role in determining the incident's priority level.

ServiceNow status

Indicate how the LogicMonitor alert statuses should update the incidents created in your ServiceNow portal.

HTTP Delivery

The HTTP Delivery section controls how LogicMonitor formats and sends the HTTP requests to create, update and/or close incidents.  You shouldn't need edit anything in the HTTP Delivery section, but if you wish to customize something you can use the information in the following sections to guide you.  If not, you can save the integration now and proceed to add it to an escalation chain. 

By default, LogicMonitor will pre-populate four different HTTP requests, one for each of:

  • new alerts (Active)
  • acknowledged alerts (Acknowledged)
  • cleared alerts (Cleared)
  • escalated alerts (Escalated)

For each request you can select which alert statuses should trigger the HTTP request.  Requests will be sent for new alerts (status: Active), and can additionally be sent for alert acknowledgements (status: Acknowledged), clears (status: Cleared) and escalations/de-escalations (status: Escalated).  Note that each alert status can only be associated with one request.  Since LogicMonitor auto-populates a different request for each alert status by default, you'll have to delete a request in order to see the option to include that alert status in a different request.

HTTP Method

The HTTP method for ServiceNow integrations is restricted to POST and PUT.


The URL that the HTTP request should be made to.  This field is auto-populated based on information you've provided.

Alert Data

The custom formatted alert data to be send in the HTTP request (used to create, update and close ServiceNow incidents).  This field will be auto-populated for you.  If desired, you can customize the alert data field using tokens

Test Alert Delivery

This option sends a test alert and provides the response, enabling you to test whether you've configured the integration correctly. 

Tokens Available

The following tokens are available:

  • LogicModule-specific alert message tokens, as listed in Tokens Available in LogicModule Alert Messages.
  • ##ADMIN##. The user the alert was escalated to.
  • ##MESSAGE##. The rendered text of the alert message. This token will also pass all relevant acked information (e.g. the user that acknowledged the alert, ack comments, etc.).
  • ##ALERTTYPE##. The type of alert (i.e. alert, eventAlert, batchJobAlert, hostClusterAlert, websiteAlert, agentDownAlert, agentFailoverAlert, agentFailBackAlert, alertThrottledAlert).
  • ##EXTERNALTICKETID##. The ServiceNow incident ID.

ServiceNow Changes

Enable Acknowledge Field on Incident Forms (optional)

In addition to the base setup it is recommended to add the LogicMonitor Alert Acknowledge field to an Incident View.  This check box will allow technicians to acknowledge LogicMonitor alerts from ServiceNow.

  1. As a ServiceNow administrator open an incident form.
  2. Click the Menu button > Configure > Form Design:

3. Drag “LogicMonitor Alert Acknowledge” to the appropriate section of your form.

Additional ServiceNow solutions can be found in our Communities and Blog Posts that demonstrate customized implementations using the LogicMonitor Marketplace application as a base.