You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository was archived by the owner on Sep 2, 2025. It is now read-only.
:description: Configure Observability Cloud to send alerts to ServiceNow when a detector alert condition is met and when the condition clears.
8
+
:description: Configure Splunk Observability Cloud to send alerts to ServiceNow when a detector alert condition is met and when the condition clears.
10
9
11
10
You can configure Splunk Observability Cloud to automatically send alert notifications to ServiceNow when a detector alert condition is met and when the alert clears.
12
11
13
-
To send Observability Cloud alert notifications to ServiceNow, complete the following configuration tasks:
12
+
.. note:: This configuration guide doesn't cover every type of integration you can create in Splunk Observability Cloud, and your configuration may vary from the examples shown here.
13
+
14
+
To send Splunk Observability Cloud alert notifications to ServiceNow, complete the following configuration tasks:
14
15
15
16
* :ref:`servicenow1`
16
17
17
18
You must be a ServiceNow administrator to complete this task.
18
19
19
20
* :ref:`servicenow2`
20
21
21
-
You must be an Observability Cloud administrator to complete this task.
22
+
You must be a Splunk Observability Cloud administrator to complete this task.
22
23
23
24
* :ref:`servicenow3`
24
25
25
26
26
27
.. _servicenow1:
27
28
28
-
Step 1: Create a ServiceNow user for your Observability Cloud integration
29
+
Step 1: Create a ServiceNow user for your Splunk Observability Cloud integration
In this step, you create a ServiceNow user that you can use to receive alert notifications from Observability Cloud. You must be a ServiceNow administrator to complete this task.
32
+
In this step, you create a ServiceNow user that you can use to receive alert notifications from Splunk Observability Cloud. You must be a ServiceNow administrator to complete this task.
32
33
33
34
If you have an existing ServiceNow user that you want to use to receive alert notifications, the user has the :strong:`web_service_admin` and :strong:`itil` roles assigned, and you know the user ID and password, you can skip to :ref:`servicenow2`.
34
35
35
-
To set up a ServiceNow user for your Observability Cloud integration:
36
+
To set up a ServiceNow user for your Splunk Observability Cloud integration:
36
37
37
38
#. Log in to ServiceNow.
38
39
@@ -59,12 +60,12 @@ To set up a ServiceNow user for your Observability Cloud integration:
59
60
60
61
.. _servicenow2:
61
62
62
-
Step 2: Create a ServiceNow integration in Observability Cloud
63
+
Step 2: Create a ServiceNow integration in Splunk Observability Cloud
You must be an Observability Cloud administrator to complete this task.
66
+
You must be a Splunk Observability Cloud administrator to complete this task.
66
67
67
-
To create a ServiceNow integration in Observability Cloud:
68
+
To create a ServiceNow integration in Splunk Observability Cloud:
68
69
69
70
#. Log in to Splunk Observability Cloud.
70
71
#. Open the :new-page:`ServiceNow guided setup <https://login.signalfx.com/#/integrations/integrations/servicenow>`. Optionally, you can navigate to the guided setup on your own:
@@ -84,24 +85,37 @@ To create a ServiceNow integration in Observability Cloud:
84
85
#. In the :strong:`Password` field, enter the password from ServiceNow in :ref:`servicenow1`.
85
86
#. In the :strong:`Instance Name` field, enter your ServiceName instance name. For example, the instance name must use the format ``example.service-now.com``. Do not include a leading ``https://`` or a trailing ``/``. Additionally, you cannot use local ServiceNow instances.
86
87
87
-
To troubleshoot potential blind server-side request forgeries (SSRF), Observability Cloud has included ``\*.service-now.com`` on an allow list. As a result, if you enter a domain name that is rejected by Observability Cloud, contact :ref:`support` to update the allow list of domain names.
88
+
To troubleshoot potential blind server-side request forgeries (SSRF), Splunk Observability Cloud has included ``\*.service-now.com`` on an allow list. As a result, if you enter a domain name that is rejected by Splunk Observability Cloud, contact :ref:`support` to update the allow list of domain names.
89
+
90
+
#. Select :strong:`Incident`, :strong:`Problem`, or :strong:`Event` to indicate the issue type you want the integration to create in ServiceNow. If necessary, you can create a second integration using the other issue type. This lets you create an incident issue for one detector rule and a problem issue for another detector rule. The following table shows the roles required to create each issue type:
91
+
92
+
.. list-table::
93
+
:header-rows: 1
94
+
:width: 100
88
95
89
-
#. Select :strong:`Incident`, :strong:`Problem`, or :strong:`Event` to indicate the issue type you want the integration to create in ServiceNow. If necessary, you can create a second integration using the other issue type. This lets you create an incident issue for one detector rule and a problem issue for another detector rule.
96
+
* - Issue type
97
+
- Role needed
98
+
* - Problem
99
+
- ``user_admin``, ``itil``
100
+
* - Incident
101
+
- ``user_admin``, ``itil``
102
+
* - Event
103
+
- None
90
104
91
105
#. :strong:`Save`.
92
106
93
-
#. If Observability Cloud can validate the ServiceNow username, password, and instance name combination, a :strong:`Validated!` success message displays. If an error displays instead, make sure that the values you entered match the values in ServiceNow.
107
+
#. If Splunk Observability Cloud can validate the ServiceNow username, password, and instance name combination, a :strong:`Validated!` success message displays. If an error displays instead, make sure that the values you entered match the values in ServiceNow.
94
108
95
109
96
110
.. _servicenow3:
97
111
98
-
Step 3: Add a ServiceNow integration as a detector alert recipient in Observability Cloud
112
+
Step 3: Add a ServiceNow integration as a detector alert recipient in Splunk Observability Cloud
once the detector docs are migrated - this step may be covered in those docs and can be removed from these docs. below link to :ref:`detectors` and :ref:`receiving-notifications` instead once docs are migrated
103
117
104
-
To add a ServiceNow integration as a detector alert recipient in Observability Cloud:
118
+
To add a ServiceNow integration as a detector alert recipient in Splunk Observability Cloud:
105
119
106
120
#. Create or edit a detector that you want to configure to send alert notifications using your ServiceNow integration.
107
121
@@ -113,11 +127,11 @@ To add a ServiceNow integration as a detector alert recipient in Observability C
113
127
114
128
#. Activate and save the detector.
115
129
116
-
Observability Cloud sends an alert notification to create an incident in ServiceNow when the detector triggers an alert. When the alert clears, it sends a notification that sets the incident state to :strong:`Resolved`.
130
+
Splunk Observability Cloud sends an alert notification to create an incident in ServiceNow when the detector triggers an alert. When the alert clears, it sends a notification that sets the incident state to :strong:`Resolved`.
117
131
118
-
For :strong:`Incident` and :strong:`Problem` issues, the ServiceNow integration sets the :strong:`Impact` and :strong:`Urgency` fields on the ServiceNow issue based on the Observability Cloud alert severity (see :ref:`severity`).
132
+
For :strong:`Incident` and :strong:`Problem` issues, the ServiceNow integration sets the :strong:`Impact` and :strong:`Urgency` fields on the ServiceNow issue based on the Splunk Observability Cloud alert severity (see :ref:`severity`). When you clear alerts for :strong:`Problem` and :strong:`Incident` issues, Splunk Observability Cloud marks them as :strong:`Resolved`.
119
133
120
-
The following table shows the Observability Cloud severity for :strong:`Incident` and :strong:`Problem` issues:
134
+
The following table shows the Splunk Observability Cloud severity for :strong:`Incident` and :strong:`Problem` issues:
121
135
122
136
.. list-table::
123
137
:header-rows: 1
@@ -135,9 +149,9 @@ The following table shows the Observability Cloud severity for :strong:`Incident
135
149
- 3
136
150
137
151
138
-
For :strong:`Event` issues, the ServiceNow integration sets the :strong:`Severity` of the issue based on the Observability Cloud alert severity (see :ref:`severity`).
152
+
For :strong:`Event` issues, the ServiceNow integration sets the :strong:`Severity` of the issue based on the Splunk Observability Cloud alert severity (see :ref:`severity`). The :strong:`Event` integration also creates an event whenever an alert is sent or cleared.
139
153
140
-
The following table shows the Observability Cloud severity for :strong:`Event` issues:
154
+
The following table shows the Splunk Observability Cloud severity for :strong:`Event` issues:
0 commit comments