Netcool is the event management tool. Events created by Netcool shall be filtered and the qualified events shall be created as Incidents in ServiceNow.Netcool integration will be controlled by ServiceNow instance through pull mechanism. Netcool remains in the green zone and will expose the REST APIs to gather the Event details. The REST APIs shall be accessible only within the green zone. ServiceNow instance will use the MIdServers to invoke the Netcool REST APIs to get the Incident details.
ServiceNow will initiate the pull every two minutes using the MID server. Filtering mechanism will be applied within the REST APIs to pull only the qualified events to be incidents. The incidents will be created in ServiceNow. Netcool event filtering logic is discussed in Event Filtering Logic section of the document.
- Netcool system is the source for event information.
- ServiceNow to communicate with Netcool system via REST Message using MidServer.
- ServiceNow to pull events from Netcool periodically or on Demand.
- Segregate the pulled events as qualified/unqualified events based on the qualification rules.
- Ticketing logical Conditions :
- Event Severity
(severity) > 1 and Customer Code (customercode) = “XXXX”
- Event Enrichment has been processed for event
ZprocessState = 1
- There is no Maintenance Windows SuppressEscl not in (4,6)
- Match filter conditions based on Event Data.
- If found a filter register and Ticket force off equal 1
( TICKETFORCEOFF = 1), then no automation ticket is required.
- If none filter is found, then no automation ticket is required
- If found a filter and Ticket force off not equal 1
( TICKETFORCEOFF <> 1 and TICKETACTIONID<>' '), then automation ticket is required. The create incident will be set to needed
(create incident= true), and if there are a specific value for ZticketGroup or ZticketServerity in filter register they will be used for ticketing process, else the default value will be set.
- Default value for ticket Group is set in the system property ->Netcool DefaultAssignmentGroup
- Default value for ticket severity map is :5;5;4;3;2;2
- Finally the auto ticketing will be executed ,
when createincident= true and Severity!=0 and RCauseServerSerial=0 and RCorrDelay=0.
- After the auto ticketing solution has been executed with success the TicketNumber and TicketStatus will be updated on eventQualified events to create an incident, if an incident is not present or if it is already resolved, closed or canceled.
- A related list should be available on the incident table to view the qualified events related to the incident.
- Event Severity
- System properties to be available to configure start time and end time parameters for On Demand Netcool data pull.
- All Incidents generated by Netcool will initially have values of Category: Monitoring Event, SubCategory: Netcool. These special values will not be available for users to select.
- When these Incidents are viewed in ServiceNow, as long as they still have these default values a blue “Info” message will appear at the top of the form that says “The Category and SubCategory values for this Incident must be changed before it can be Resolved. The new Category/Subcategory should be chosen to correctly reflect the nature of the alert.Changes to the Incident can still be saved at this point even if the values are not changed.
- If user attempts to Resolve the incident and the values have not been changed from the defaults, the same message will display as a red “Error” message and they will be prevented from saving/Resolving the Incident until the Category/SubCategory has been changed.
- Purge qualified events that are older than 90 days.
- Purge qualified events that are older than 14 days.
In order to identify if an event is qualified below logic is applied.
Event Severity (severity) > 1 Event Customer Code (customercode) = “XXXX” Event Enrichment has been processed for event (ZprocessState) > 0 There is no Maintenance Windows (SuppressEscl) not in (4,6) Event (RCorrDelay)=0 Event (RCauseServerSerial)=0 At least one Filter condition matches
The filters are matched based on descending order of filter weight if a filter of highest weight matches then that filter will be picked up else the matching process continues to find a filter that matches the event attributes. Once the filter is matched event severity map and assignment group are identified. Severity map is used to get the ticket severity based on event severity. Below examples show how it is done.
Example 1: If the severity map is 5;5;4;3;2;2 then ticket severity is identified based on the event severity.
Example 2: If the severity map is 5;5;4;3;3;3 then ticket severity is identified based on the event severity.
Ticket severity is identified impact and urgency are identified based on below table
System Webservices -> Outbound -> REST Message , create new REST Message with following details
Name : Netcool Integration Description : This REST message is used to pull events from Netcool Omnibus using REST http GET method. Endpoint :http://XXXX:8080/objectserver/restapi/alerts/status Accessible from : This application scope only. Authentication : Authentication type = Basic HTTP Request : HTTP Headers : Name : Content-Type Value : application/json Setup Authentication Profile Open the REST Message: Netcool Integration
Click on the search button next to Authentication -> Basic Auth profile, click on New
Name : DOCCredentials
- Username : enter the correct username based on instance
- Password : enter the correct password based on instance
Submit the record.
Add HTTP Method (GET)
Create a Script include that performs below functions
- Reads the system properties setup for netcool integration.
- Makes a call to Netcool REST API using the system properties for midserver name, authentication profile, end point url, last run time, start time and end time ( incase of one off data pull)
- Parse the data returned by the REST API using servicenow JSON parser.
- Delete all the existing records in netcool all events table which are in state as skipped.
- Create records in netcool all events table based on the data returned from REST API, all the event columns returned from the REST API should map to the columns in this table.
- Create a record in netcool RAW responses table with the response returned from REST API
- Store the reference of the netcool raw response in the netcool all events table
- Generate log statements based on the debug property set on netcool properties
- Have a provision to run incremental data pull and a data pull in a given time span by taking start time and end time as parameters
In case of incremental run, update the last run time system property once the run is successful
Develop a script include that performs following functions
- The script include that loads data in netcool all events table.
- This new script include will process the records in netcool all events table and separates them into qualified and unqualified events.
- Based on the event filtering Logic identify if an event is a qualified or unqualified event.
- Update the filter reference, ticket assignment group, ticket severity based on the assignment group and severity map on the matching filter, if the assignment group on the filter is empty set the assignment group based on the system property = netcoolDefaultAssignmentGroup.
If the severity map on the matching filter is empty use the default severity map = 5;5;4;3;2;2
- If an event is a qualified event then following steps are performed.
- Check in the qualified events table to see
If a similar event already exists, if it does Move the event record from all events table to qualified events table, set the state of the record to "Processed"
- Update the incident number field on the newly created event record with the matching event.
- If the qualified event is a new event then Move the event record from all events table to qualified events table, set the state of the record to “Processing”
- If an event is an unqualified event then following steps are performed. Move the event record from all events table to unqualified events table, set the state of the record to “Processed”
Create script include that performs following functions**
Query table = u_netcool_event_qualified for records with state = 'Processing'
- Check if the event record already has an incident created from it
- If the incident exists, check if the incident is active.
- if the incident is active, set the state of the event to ‘Processed’
- If the event doesn’t have any active incident perform following steps
- Search in CMDB_CI table with name = node (of the event). If a CI record is found, use that CI to create an incident
- If no CI is found then use the ‘Default CI’ record to create an incident.
- The incident should have category = Monitoring, subcategory = Netcool
- The incident should have severity as ticket severity (identified by script include-2)
- The incident should have assignment group as assignment group (identified by script include-2);
Create script include that performs following functions
This is a script include that converts a glide record to a JSON. This is used in Script include-2 to perform matching of correct filter based on the event attributes.
u_netcool_unqualified_event_user u_netcool_qualified_event_user u_netcool_all_events_user u_netcool_raw_response_user u_netcool_category_mapping_user
System Definition -> Application Menu -> New
Title= Netcool Inegration
Role= Netcool Admin
Description= Application Menu for Netcool Integration
A job Netcool Data pull that runs periodically and runs following script
A job that runs on Demand and runs following script
- Understanding Request, RITM, Task in ServiceNow
- Steps to create a case in ServiceNow (CSM)
- Performance Analytics in 10 mins
- Event Management in 10 minutes - part1
- Event Management in 10 minutes - part2
- Custom Lookup List
- Script includes in 5 minutes
- Interactive Filter in 5 minutes
- UI Policy in 6 Minutes
- Client Side Script Versus Server Side Script in 3 minutes
- Performance Analytics
- ServiceNow Scripts
- Script include
- Useful scripts
- Basic Glide Scripts
- Client Script
- Advance Glide Script
- Glide System Script
- Import Set
- Work Flow
- Core Application
- UI Policy
- UI Action
- Client Script
- CAB Workbech
- Data Policy
- Connect Support
- Event Management
- SSO Integration
- LDAP Integration
- SCCM Integration
- AWS Intergration
- Slack Integration
- CTI Integration
- Jira Integration
- Ebonding ServiceNow
- SOAP Integration
- IBM Netcool Integration
- VIP Mobile App Integration
- Rest Integration
- Service Portal
- Performance analytics(PA) Interactive Filter
- Various Configurations in Performance analytics(PA)
- Service Portal
- Performance Analytics(PA) Widgets
- Performance Analytics(PA) Indicator
- Performance Analytics(PA) Buckets
- Performance Analytics(PA) Automated Breakdown
- Client Script
- Rest Integration
- Understanding the Request, RITM, Task
- Service Catalogs
- Events in ServiceNow
- Advance glide script in ServiceNow
- CAB Workbench