ServiceNow
The ServiceNow integration forwards ITRS Analytics notifications to ServiceNow. Use this integration to manage ITRS Analytics notifications through your ServiceNow incident or event workflows.
Choose Incident Management to create incidents and keep them updated through the Table API, or Event Management to send events that ServiceNow uses to create and update alerts.
From the Web Console, select Notifications > Targets.
- Expand the ServiceNow section by clicking
. - Click
next to ServiceNow, then enter your connection settings.
Configure a ServiceNow target Copied
A ServiceNow target defines how ITRS Analytics connects to your ServiceNow instance by defining which instance to use and how to authenticate.
| Setting | Description |
|---|---|
| Name | A descriptive name for this target. |
| Instance ID | Your ServiceNow instance identifier. |
| Description | (Optional) Additional context for this target. |
| Authentication Type > Basic | Username and password for a ServiceNow user that can create and update incidents. |
| Authentication Type > OAuth | Username, password, client ID, and client secret for OAuth. |
Note
- Click Test connection to verify that ITRS Analytics can reach your ServiceNow instance with these settings.
- You can reuse the same target across multiple notifications.
Incident management Copied
The Notifications app supports ServiceNow Incident Management. When a notification triggers, the app creates a new incident through the ServiceNow Table API. Reminder and cleared notifications then update the same incident.
Incident table settings Copied
To configure incident table settings, ensure that you have selected ServiceNow as the notification target in the Create Notification window. Then, select Incident Management in the notification Type dropdown.
This allows you to define dynamic custom fields that are sent with the incident payload, providing flexibility in your configuration. You can use placeholder values that are substituted at run-time based on the dimensions and attributes of the entity that triggered the notification.
The incident table name defaults to incident. Click Add Incident Table Field to add the following:
- Key — ServiceNow incident field name.
- Value — static text or a placeholder. For the full list of supported placeholders, see placeholder values.
For example, set Key to category and Value to ${entity.attribute[Category]}. When the notification runs, the value is replaced with the Category attribute of the triggering entity. If the attribute is missing, the value is empty unless you use .orElse[...].
Incident creation Copied
Incidents are created with the following fields:
| Name | Value |
|---|---|
| short_description | Triggered notification title. |
| description | Triggered notification body. |
| urgency |
|
| impact |
|
| caller_id | Configured authentication username. |
Incident update Copied
Incidents are updated when notification reminders are sent and when the notification is cleared. Updates are added as comments to the existing incident with the following format:
<Reminder/Cleared notification title>
<Reminder/cleared notification body>
Event management Copied
The Notifications app supports ServiceNow Event Management. The app sends events to the ServiceNow em_event table through the Event Management bulk endpoint, where ServiceNow Event Management processes them to create or update alerts.
Event configuration Copied
To configure event settings, ensure that you have selected ServiceNow as the notification target in the Create Notification window. Then, select Event Management in the notification Type dropdown.
Fields in the Event Settings section define standard ServiceNow event columns.
All fields are optional. You can use placeholders that are substituted at run-time based on the dimensions and attributes of the entity that triggered the notification.
| Field | Default | Description |
|---|---|---|
| Source | IAX |
Name of the event source type. |
| Source Instance | ${notification.name} |
Specific instance of the source. |
| Metric Name | ${entity} or ${group} |
Identifies what triggered the alert. Defaults to ${entity} for entity notifications, or ${group} when the notification is grouped. |
| Type | Alert |
Type of event for general grouping. |
| Node | None | Host identifier (name, FQDN, IP, or MAC). ServiceNow may use this to bind the event to a CMDB configuration item. |
| Resource | None | Device or application on the host when the event refers to one (for example, a disk, CPU, or service name). |
Tip
While using the app, you can hover over the field names to view tooltips.
In addition to the configured event fields, the notifier sets the following on each event:
| Field | Value |
|---|---|
| severity | CRITICAL: 1, WARNING: 4, CLEAR: 0 |
| description | Notification title and body |
| message_key | Stable identifier for the notification and entity or group |
| additional_info | Entity or group data |
Placeholders Copied
Event field values support the same placeholders as notification messages and incident table fields. Click Available Placeholder Variables in Event Settings to view the available placeholders.
Note
Placeholders for grouped notifications are not supported in non-grouped notifications, and vice versa.
Event update Copied
Follow-up notifications for the same notification and entity or group create a new event. ServiceNow updates the corresponding alert associated with that notification and entity or group.
When a notification is cleared, the event severity is set to CLEAR (0).