Integrate with ServiceNow to receive notifications in your ServiceNow workspace.

Adding a ServiceNow notification endpoint

Add a dedicated user in your ServiceNow workspace

Open your ServiceNow instance and create a new user. See ServiceNow docs for details.

Special requirements:

  1. Check off Web service access only.
  2. Assign the user the role incident_manager. The ServiceNow integration requires this role.

Add the endpoint

Go to the Notification endpoints page, and click Add endpoint. Fill in the form:

  1. Type: Select the option ServiceNow.
  2. Instance URL: Enter the URL for your ServiceNow instance.
  3. Username: Enter a ServiceNow username that has been assigned the role incident_manager.
  4. Password: Provide the password for the above ServiceNow username.

Test the endpoint (Optional)

Click Run the test to test your endpoint. The test result shows whether the message was successfully sent.

Check that the message arrived at the target endpoint.

Save the endpoint

Save your endpoint.

ServiceNow Notification template

The ServiceNow endpoint comes pre-configured with the following notification template. The double curly brackets indicate variables that are auto-populated with data specific to the triggered alert.

"short_description": "{{alert_severity}}: {{alert_title}}",
"correlation_id": "logzio_{{alert_definition_id}}",
"state": "1",
"description": "Severity: {{alert_severity}}\nAlert Description: {{alert_description}}\n\nURL to investigate the alert:\n{{alert_app_url}}/#/view-triggered-alert?&from={{alert_timeframe_start_epoch_millis}}&to={{alert_timeframe_end_epoch_millis}}&definitionId={{alert_definition_id}}&switchToAccountId={{account_id}}\n\nLog samples:\n{{alert_samples}}",
"work_notes":"Investigate the alert:\n[code]<a href="{{alert_app_url}}/#/view-triggered-alert?&from={{alert_timeframe_start_epoch_millis}}&to={{alert_timeframe_end_epoch_millis}}&definitionId={{alert_definition_id}}&switchToAccountId={{account_id}}">View in OpenSearch Dashboards</a>[/code]"

ServiceNow endpoints do not support resolved alerts.
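
To see what the template above resolves to for one alert, here is an added example (not code from this page or from the product) that fills the variables and serializes the result as JSON. The substitution logic and every value in SAMPLE_ALERT are assumptions constructed for illustration; the point is that the log samples are untrusted text and must not be able to change the incident's fields.

```python
import json
import re

# The page's template, held as parsed fields rather than raw JSON text.
VIEW_URL = ("{{alert_app_url}}/#/view-triggered-alert?"
            "&from={{alert_timeframe_start_epoch_millis}}"
            "&to={{alert_timeframe_end_epoch_millis}}"
            "&definitionId={{alert_definition_id}}"
            "&switchToAccountId={{account_id}}")
TEMPLATE = {
    "short_description": "{{alert_severity}}: {{alert_title}}",
    "correlation_id": "logzio_{{alert_definition_id}}",
    "state": "1",
    "description": ("Severity: {{alert_severity}}\n"
                    "Alert Description: {{alert_description}}\n\n"
                    "URL to investigate the alert:\n" + VIEW_URL +
                    "\n\nLog samples:\n{{alert_samples}}"),
    "work_notes": ('Investigate the alert:\n[code]<a href="' + VIEW_URL +
                   '">View in OpenSearch Dashboards</a>[/code]'),
}
PLACEHOLDER = re.compile(r"\{\{(\w+)\}\}")

def render(alert):
    """Fill each field; fail closed on a variable the alert does not supply."""
    def lookup(match):
        name = match.group(1)
        if name not in alert:
            raise KeyError("unresolved template variable: " + name)
        return str(alert[name])
    return {field: PLACEHOLDER.sub(lookup, text) for field, text in TEMPLATE.items()}

def incident_body(alert):
    """Serialize after substitution so log content cannot alter the JSON structure."""
    return json.dumps(render(alert))

# Constructed sample alert; the log sample deliberately contains quotes and a
# fragment that looks like a template field.
SAMPLE_ALERT = {
    "alert_severity": "HIGH",
    "alert_title": "Repeated failed SSH logins",
    "alert_description": "More than 20 failures in 5 minutes",
    "alert_definition_id": 1234,
    "alert_app_url": "https://app.example.com",
    "alert_timeframe_start_epoch_millis": 1700000000000,
    "alert_timeframe_end_epoch_millis": 1700000300000,
    "account_id": 42,
    "alert_samples": '{"message": "Failed password for root"}\n", "state": "6',
}

if __name__ == "__main__":
    print(json.dumps(json.loads(incident_body(SAMPLE_ALERT)), indent=2))
```

Because the values are substituted into parsed fields and only then serialized, the quote characters in the log sample stay inside description and the incident's state remains "1".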