Tech ONTAP Blogs

Using Cloud Insights webhooks in ServiceNow

Sidd
NetApp
5,314 Views

Using Cloud Insights webhooks in ServiceNow

Before we get started, make sure you are familiar with webhooks. You can find the documentation for how to use them in Cloud Insights here.


This blog post will help you to get started with leveraging Cloud Insights' webhook notification functionality in ServiceNow. Inside Cloud Insights, you have the ability to create Monitors, which are user defined thresholds that are monitored against selected metrics. When a metric crosses a threshold, an alert is generated and can trigger an email or webhook notification. In this blog post, you will find a set of steps to define a webhook and consume it in ServiceNow's incident management. The webhook request will simply contain all the available fields as a JSON object. ServiceNow has no generic endpoint for webhooks, so we will create one using a Scripted REST API endpoint.

Please Note: This blog will only cover the basic creation of an incident being generated by an alert triggered by Cloud Insights.

 


ServiceNow: Creating a Scripted REST API Endpoint

 

  1. In ServiceNow, navigate to the Scripted REST APIs page
  2. Click New
  3. Enter a name and App ID, for example: Cloud Insights Webhook
  4. Click Submit
  5. Navigate to the newly created endpoint
  6. In the Resources tab, click New
    • Provide a Name for this Resource
    • Set the HTTP method to POST
    • Uncheck Requires authentication (more on this later)
    • Uncheck Requires ACL Authorization
    • Make a note of the Resource Path
    • In the Script section, paste the following snippet:
      (function process( /*RESTAPIRequest*/ request, /*RESTAPIResponse*/ response) {
         
          //gs.log('NetApp Cloud Insights Webhook - RESTAPIRequest.body.data: ' + request.body.data);
          var payload = request.body.data;
          var gr = new GlideRecord('incident');
          gr.initialize();
          gr.urgency = 2;
          gr.short_description = payload.alertId + ' | ' + payload.triggeredOn;
          gr.description = '"' + payload.metricName + '" value of ' + payload.value + ' (' + payload.alertCondition + ') for ' + payload.triggeredOn + '\n' + payload.link;
          if (payload.severity == 'CRITICAL') {
              gr.impact = 1;
          } else {
              gr.impact = 2;
          }
          gr.insert();
          //gs.log('NetApp Cloud Insights Webhook - Incident will be created if data policies are passed on your instance.');
         
      })(request, response);​

The important part of the endpoint is the Script. Although rudimentary, it does all the work by creating a record in the incident table and updating fields based on the data in the webhook payload.
The Cloud Insights severity field is something that we want to handle properly when creating an incident, if the value is CRITICAL we set the impact field to high, else it is set to medium.
This part should be modified to your needs and currently it only performs the bare minimum.


Cloud Insights: Create a Webhook

 

  1. In Cloud Insights, navigate to Admin > Notifications
  2. Click on Webhooks at the top
  3. Click on the blue button + Webhook
  4. Provide a name, for example "ServiceNow"
  5. The template type is irrelevant, you can select Generic
  6. In the URL field, enter the ServiceNow instance URL + Resource Path that was noted when creating the resource
  7. The method should be POST
  8. In the Message Body, paste the following JSON snippet:
    {
        "alertDescription": "%%alertDescription%%",
        "alertId": "%%alertId%%",
        "link": "https://%%cloudInsightsHostname%%%%alertRelativeUrl%%",
        "metricName": "%%metricName%%",
        "monitorName": "%%monitorName%%",
        "objectType": "%%objectType%%",
        "severity": "%%severity%%",
        "alertCondition": "%%alertCondition%%",
        "triggerTime": "%%triggerTime%%",
        "triggerTimeEpoch": "%%triggerTimeEpoch%%",
        "triggeredOn": "%%triggeredOn%%",
        "value": "%%value%%"
    }​
  9. Click Save Webhook
  10. Click Test Webhook

At this point you should browse to ServiceNow, and search for the Incidents table in which you will find test Incident with variable names instead of actual data. Screenshot below:

test.png

 

 

 

Cloud Insights: Create a Monitor

 

In order for a webhook to do anything we must assign it as a notification type to a monitor. If you do not have any existing monitors, you can follow the instructions in the Cloud Insights documentation or an abbreviated version below.

  1. In Cloud Insights, navigate to Alerts > Monitors
  2. Click on the blue button + Monitor
  3. In the drop-down, search for and choose an object type and metric to monitor
  4. After choosing the object and metric to monitor, set the warning and/or critical thresholds
  5. Select an occurrence window
  6. In the Set up team notification(s) section, select Webhook
  7. For Critical and Warning, select the webhook you created for ServiceNow
  8. Click Save in the top right corner

 


Optional: Basic Authentication

 

If you want the webhook to use Basic Authentication, then first you must check
the Requires authentication box in the ServiceNow endpoint resource. After you have done that you will need to add the following line to the Headers section in the webhook in Cloud Insights, where the encoded value is a base64 hash of "user:password" without quotes:

 

Authorization: Basic encoded_value

 

Test the webhook once again to make sure it can authenticate successfully.


Conclusion

 

Now that you've learned how to set up ServiceNow, Monitors and webhooks in Cloud Insights, this enables alerts to be generated by the Monitor and create incidents in ServiceNow. You can also start creating additional Monitors for various metrics and thresholds and assigning the webhook you've created.

As you may have noticed, there is a severity type that we did not handle; Resolved alerts. As an exercise left to the reader, you can modify the script such that when a webhook with severity RESOLVED is received, the script will search for an existing incident that matches and resolve it automatically.

Public