This article is a supplement to the ServiceNow documentation. For full documentation please refer ServiceNow official website
Checkout our NEW Video Channel you can like and subscribe too!

Introduction

Netcool is the event management tool. Events created by Netcool shall be filtered and the qualified events shall be created as Incidents in ServiceNow.Netcool integration will be controlled by ServiceNow instance through pull mechanism. Netcool remains in the green zone and will expose the REST APIs to gather the Event details. The REST APIs shall be accessible only within the green zone. ServiceNow instance will use the MIdServers to invoke the Netcool REST APIs to get the Incident details.

ServiceNow will initiate the pull every two minutes using the MID server. Filtering mechanism will be applied within the REST APIs to pull only the qualified events to be incidents. The incidents will be created in ServiceNow. Netcool event filtering logic is discussed in Event Filtering Logic section of the document.

netcool and servicenow integration114112019.png

Functional Requirements

  1. Netcool system is the source for event information.
  2. ServiceNow to communicate with Netcool system via REST Message using MidServer.
  3. ServiceNow to pull events from Netcool periodically or on Demand.
  4. Segregate the pulled events as qualified/unqualified events based on the qualification rules.
  5. Ticketing logical Conditions :
    • Event Severity
       (severity)  > 1 and Customer Code (customercode) = “XXXX” 
      
    • Event Enrichment has been processed for event ZprocessState = 1
    • There is no Maintenance Windows SuppressEscl not in (4,6)
    • Match filter conditions based on Event Data.
    • If found a filter register and Ticket force off equal 1 ( TICKETFORCEOFF = 1), then no automation ticket is required.
    • If none filter is found, then no automation ticket is required
    • If found a filter and Ticket force off not equal 1 ( TICKETFORCEOFF <> 1 and TICKETACTIONID<>' '), then automation ticket is required. The create incident will be set to needed (create incident= true), and if there are a specific value for ZticketGroup or ZticketServerity in filter register they will be used for ticketing process, else the default value will be set.
    • Default value for ticket Group is set in the system property ->Netcool DefaultAssignmentGroup
    • Default value for ticket severity map is :5;5;4;3;2;2
    • Finally the auto ticketing will be executed ,
      when createincident= true and Severity!=0 and RCauseServerSerial=0 and RCorrDelay=0.
      
    • After the auto ticketing solution has been executed with success the TicketNumber and TicketStatus will be updated on eventQualified events to create an incident, if an incident is not present or if it is already resolved, closed or canceled.
    • A related list should be available on the incident table to view the qualified events related to the incident.
  6. System properties to be available to configure start time and end time parameters for On Demand Netcool data pull.
  7. All Incidents generated by Netcool will initially have values of Category: Monitoring Event, SubCategory: Netcool. These special values will not be available for users to select.
    • When these Incidents are viewed in ServiceNow, as long as they still have these default values a blue “Info” message will appear at the top of the form that says “The Category and SubCategory values for this Incident must be changed before it can be Resolved. The new Category/Subcategory should be chosen to correctly reflect the nature of the alert.Changes to the Incident can still be saved at this point even if the values are not changed.
    • If user attempts to Resolve the incident and the values have not been changed from the defaults, the same message will display as a red “Error” message and they will be prevented from saving/Resolving the Incident until the Category/SubCategory has been changed.
  8. Purge qualified events that are older than 90 days.
  9. Purge qualified events that are older than 14 days.

Event Filtering Logic

In order to identify if an event is qualified below logic is applied.

Event Severity (severity)  > 1
Event Customer Code (customercode) = “XXXX”
Event Enrichment has been processed for event (ZprocessState) > 0
There is no Maintenance Windows (SuppressEscl) not in (4,6)
Event (RCorrDelay)=0
Event (RCauseServerSerial)=0
At least one Filter condition matches

The filters are matched based on descending order of filter weight if a filter of highest weight matches then that filter will be picked up else the matching process continues to find a filter that matches the event attributes. Once the filter is matched event severity map and assignment group are identified. Severity map is used to get the ticket severity based on event severity. Below examples show how it is done.

Example 1: If the severity map is 5;5;4;3;2;2 then ticket severity is identified based on the event severity. netcool and servicenow integration214112019.png

Example 2: If the severity map is 5;5;4;3;3;3 then ticket severity is identified based on the event severity. netcool and servicenow integration314112019.png

Netcool Event Severity map

  5-CRITICAL
  4-MAJOR
  3-MINOR
  2-WARNING
  1-INDETERMINATE
  0-CLEAR.

Ticket severity is identified impact and urgency are identified based on below table

netcool and servicenow integration414112019.png

REST Message

System Webservices -> Outbound -> REST Message , create new REST Message with following details

Name : Netcool Integration
Description : This REST message is used to pull events from Netcool Omnibus using REST http GET method.
Endpoint :http://XXXX:8080/objectserver/restapi/alerts/status
Accessible from : This application scope only.
Authentication : Authentication type = Basic 
HTTP Request : HTTP Headers :
Name : Content-Type
Value : application/json
Setup Authentication Profile
Open the REST Message: Netcool Integration

Click on the search button next to Authentication -> Basic Auth profile, click on New

Name : DOCCredentials

  • Username : enter the correct username based on instance
  • Password : enter the correct password based on instance

Submit the record.

Add HTTP Method (GET)

//Name: GET 
//HTTP Method = GET

Endpoint = http://XXXX:8080/objectserver/restapi/alerts/status

Authentication -> Authentication type : Basic
Authentication -> Basic Auth profile : DOCCredentials

Script includes

Create a Script include that performs below functions

  1. Reads the system properties setup for netcool integration.
  2. Makes a call to Netcool REST API using the system properties for midserver name, authentication profile, end point url, last run time, start time and end time ( incase of one off data pull)
  3. Parse the data returned by the REST API using servicenow JSON parser.
  4. Delete all the existing records in netcool all events table which are in state as skipped.
  5. Create records in netcool all events table based on the data returned from REST API, all the event columns returned from the REST API should map to the columns in this table.
  6. Create a record in netcool RAW responses table with the response returned from REST API
  7. Store the reference of the netcool raw response in the netcool all events table
  8. Generate log statements based on the debug property set on netcool properties
  9. Have a provision to run incremental data pull and a data pull in a given time span by taking start time and end time as parameters

In case of incremental run, update the last run time system property once the run is successful

Develop a script include that performs following functions

  1. The script include that loads data in netcool all events table.
  2. This new script include will process the records in netcool all events table and separates them into qualified and unqualified events.
  3. Based on the event filtering Logic identify if an event is a qualified or unqualified event.
  4. Update the filter reference, ticket assignment group, ticket severity based on the assignment group and severity map on the matching filter, if the assignment group on the filter is empty set the assignment group based on the system property = netcoolDefaultAssignmentGroup.
      If the severity map on the matching filter is empty use the default severity map = 5;5;4;3;2;2 
    
  5. If an event is a qualified event then following steps are performed.
  6. Check in the qualified events table to see
     If a similar event already exists, if it does
     Move the event record from all events table to qualified events table, 
     set the state of the record to "Processed"
    
  7. Update the incident number field on the newly created event record with the matching event.
  8. If the qualified event is a new event then Move the event record from all events table to qualified events table, set the state of the record to “Processing”
  9. If an event is an unqualified event then following steps are performed. Move the event record from all events table to unqualified events table, set the state of the record to “Processed”

Create script include that performs following functions**

Query table = u_netcool_event_qualified for records with state = 'Processing'
  1. Check if the event record already has an incident created from it
  2. If the incident exists, check if the incident is active.
  3. if the incident is active, set the state of the event to ‘Processed’
  4. If the event doesn’t have any active incident perform following steps
    • Search in CMDB_CI table with name = node (of the event). If a CI record is found, use that CI to create an incident
    • If no CI is found then use the ‘Default CI’ record to create an incident.
    • The incident should have category = Monitoring, subcategory = Netcool
    • The incident should have severity as ticket severity (identified by script include-2)
    • The incident should have assignment group as assignment group (identified by script include-2);

Create script include that performs following functions

This is a script include that converts a glide record to a JSON. This is used in Script include-2 to perform matching of correct filter based on the event attributes.

Roles

Create role

netcool_admin

Contain Roles

u_netcool_unqualified_event_user 
u_netcool_qualified_event_user 
u_netcool_all_events_user 
u_netcool_raw_response_user
u_netcool_category_mapping_user

Application Menu and Modules

System Definition -> Application Menu -> New

Title= Netcool Inegration

Role= Netcool Admin

Category= Integration

Description= Application Menu for Netcool Integration

netcool and servicenow integration514112019.png

Scheduled jobs

A job Netcool Data pull that runs periodically and runs following script

  new NiSourcenetcoolPullEvents().getNetcoolEvents(startTime,endTime);
  new NiSourceNetcoolProcessEvents().processEvents();
  new NiSourceNetcoolProcessQualifiedEvents().processQualifiedEvents();
 

A job that runs on Demand and runs following script

  var startTime = gs.getProperty('netcoolOneOffStartTime');
  var endTime = gs.getProperty('netcoolOneOffEndTime');
  new NiSourcenetcoolPullEvents().getNetcoolEvents(startTime,endTime);
  new NiSourceNetcoolProcessEvents().processEvents();
  new NiSourceNetcoolProcessQualifiedEvents().processQualifiedEvents();
    Content