Platform

    Get real-time insights and automation for comprehensive, seamless monitoring with agentless architecture.

    Platform Overview
  • Infrastructure
    monitoring
  • Cloud monitoring
  • Digital experience
  • AIOPS

      • Solutions

      Whether you work in MSP, Enterprise IT or somewhere in between, the solution is clear.

      Solutions Overview
    By Initiative
    By Industry

      About us

      Get to know LogicMonitor and our team.

      About us
    Get to know us
    Connect
    Services

      Documentation

      Read through our documentation, check out our latest release notes, or submit a ticket to our world-class customer service team.

      View Resources
    Support

    Product Documentation

    ServiceNow (Incident Management) Integration

    Last updated on 04 November, 2022

    Your LogicMonitor account comes ready to integrate alert messages with your ServiceNow account. The bidirectional integration enables LogicMonitor to open, update and close ServiceNow incidents based on LogicMonitor alerts. By sending alerts from LogicMonitor into ServiceNow, you can take advantage of ServiceNow’s alerting platform features to increase uptime of your apps, servers, websites, and databases. ServiceNow users can also acknowledge an alert directly from an incident in ServiceNow.

    As discussed in the following sections, setup of this integration requires:

    1. Installation of the LogicMonitor Incident Management Integration from the ServiceNow store.
    2. Configuration of the integration within LogicMonitor
    3. Configuration of alert rule/escalation chain to deliver alert data to the integration
    4. Configuration of ServiceNow (optional) to include acknowledge option on incident form

    Installing and Configuring the LogicMonitor Incident Management Integration

    1. Click the GET button on the LogicMonitor Store page.
    2. Accept ServiceNow’s Notice by clicking Continue
    3. Note the Dependencies and Continue if they apply to your environment
      • For the Entitlement Section choose to make the application available to all instances or just specific ones.  (NOTE: This step does not install the application, it just makes it available for install later.)
      • Accept the ServiceNow Terms
      • Click GET
    4. Login to your ServiceNow instance
    5. Navigate to System Applications > Applications
    6. The LogicMonitor Incident Management application should be available in the Downloads section.  Click Install to add the application to your instance.

    After the application is installed you will need to provide account details for ServiceNow to automatically acknowledge alerts:

    1. Navigate to LogicMonitor Incident Management > Setup > Properties
    2. Set values for:
      • LogicMonitor Account Name
      • API Access ID*
      • API Access Key*
    3. Click Save

    *As discussed in API Tokens, API tokens for LogicMonitor’s REST API are created and managed from the User Access page in the LogicMonitor platform.

    lm-snow-incident-setup

    Configuring the Integration in LogicMonitor

    You can enable the ServiceNow Integration in your account from Settings > Integrations.  Select Add and then ServiceNow:

    SubDomain

    Your ServiceNow subdomain. You can find this in your ServiceNow portal URL. For example, if your ServiceNow portal url is https://dev.service-now.com/, your subdomain would be dev.

    Username

    The username associated with the ServiceNow account you want LogicMonitor to use to open, update and close ServiceNow incidents. Ensure that this user account is assigned the “LogicMonitor Integration” (x_lomo_lmint.LogicMonitor Integration) role, which was automatically added to your ServiceNow instance as part of the LogicMonitor application installation performed in step 1.

    Password

    The password associated with the ServiceNow username you specified.

    ServiceNow Default Settings

    The ServiceNow Settings section enables you to configure how incidents are created in ServiceNow for LogicMonitor alerts.

    ServiceNow Default Settings

    Company

    The ServiceNow company that incidents will be created for.

    Note: If you’d like to create, update and delete tickets across multiple ServiceNow companies, you can do that by setting the following property on the device whose alerts should trigger a new or change to existing ServiceNow incident:

    servicenow.company

    When an alert is triggered and routed to the ServiceNow Integration, LogicMonitor will first check to see if this property exists for the device associated with the alert. If it does exist, its value will be used instead of the value set in the Integration form.

    Due Date

    This field will determine how LogicMonitor sets the due date of the incidents in ServiceNow. Specifically, the ServiceNow incident due date will be set to the number of days you set this field to.

    ServiceNow Severities

    Indicate how the LogicMonitor alert severities should map to incidents created in your ServiceNow portal.

    Note: This mapping determines severity level only for the ServiceNow incident. It does not play a role in determining the incident’s priority level.

    ServiceNow status

    Indicate how the LogicMonitor alert statuses should update the incidents created in your ServiceNow portal.

    HTTP Delivery

    The HTTP Delivery section controls how LogicMonitor formats and sends the HTTP requests to create, update and/or close incidents. You shouldn’t need edit to anything in the HTTP Delivery section, but if you wish to customize something you can use the information in the following sections to guide you.  If not, you can save the integration now and proceed to the Configuring Alert Rule and Escalation Chain section.

    By default, LogicMonitor will pre-populate four different HTTP requests, one for each of:

    • new alerts (Active)
    • acknowledged alerts (Acknowledged)
    • cleared alerts (Cleared)
    • escalated alerts (Escalated)

    For each request, you can select which alert statuses trigger the HTTP request. Requests are sent for new alerts (status: Active), and can also be sent for alert acknowledgements (status: Acknowledged), clears (status: Cleared) and escalations/de-escalations/adding note (status: Escalated). 

    Note: If the escalated status is selected and a note is added to the alert, an update request is sent whether the alert is active/cleared. If the escalated status is not selected and a note is added to the alert, a request is not sent.

    HTTP Method

    The HTTP method for ServiceNow integrations is restricted to POST and PUT.

    URL

    The URL that the HTTP request should be made to. This field is auto-populated based on information you’ve provided.

    Alert Data

    The custom formatted alert data to be send in the HTTP request (used to create, update and close ServiceNow incidents). This field will be auto-populated for you. You can customize the alert data field using tokens.

    Test Alert Delivery

    This option sends a test alert and provides the response, enabling you to test whether you’ve configured the integration correctly.

    Tokens Available

    The following tokens are available:

    • LogicModule-specific alert message tokens, as listed in Tokens Available in LogicModule Alert Messages.
    • ##ADMIN##. The user the alert was escalated to.
    • ##MESSAGE##. The rendered text of the alert message. This token will also pass all relevant acked information (e.g. the user that acknowledged the alert, ack comments, etc.).
    • ##ALERTTYPE##. The type of alert (i.e. alert, eventAlert, batchJobAlert, hostClusterAlert, websiteAlert, agentDownAlert, agentFailoverAlert, agentFailBackAlert, alertThrottledAlert).
    • ##EXTERNALTICKETID##. The ServiceNow incident ID.

    Configuring Alert Rule and Escalation Chain

    Alert rules and escalation chains are used to deliver alert data to your ServiceNow integration. When configuring these, there a few guidelines to follow to ensure tickets are opened, updated, and closed as expected within ServiceNow. For more information, see Alert Rules.

    Alert Acknowledgement

    You can configure an incident form in ServiceNow to acknowledge LogicMonitor alerts from ServiceNow. This involves adding an Acknowledge option to a ServiceNow Incident form, and allows technicians to view acknowledged LogicMonitor alerts from ServiceNow.

    Requirements

    To acknowledge LogicMonitor alerts from ServiceNow, you must have the LogicMonitor instance set up in the Incident Management Setup tab in ServiceNow. This involves providing your LogicMonitor Account Name and corresponding API Tokens. 

    For more information about configuring an incident in ServiceNow, see ServiceNow’s Incident Management documentation.

    For more information about creating LogicMonitor API tokens, see API Tokens.

    Adding Acknowledge Option to ServiceNow Incident Form

    Recommendation: Add the LogicMonitor Alert Acknowledge field to an Incident View in addition to the base setup.

    1. As a ServiceNow administrator open an incident form.
    2. Click the Menu button > Configure > Form Design.

    3. Drag “LogicMonitor Alert Acknowledge” to the appropriate section of your form.

    Additional ServiceNow solutions can be found in our Communities and Blog Posts that demonstrate custom implementations using the LogicMonitor Marketplace application as a base.

    In This Article