
Send alert notifications to ServiceNow using Splunk Observability Cloud

You can configure Splunk Observability Cloud to automatically send alert notifications to ServiceNow when a detector alert condition is met and when the alert clears.

To send Observability Cloud alert notifications to ServiceNow, complete the following configuration tasks:

Step 1: Create a ServiceNow user for your Observability Cloud integration

In this step, you’ll create a ServiceNow user that you’ll use to receive alert notifications from Observability Cloud. You must be a ServiceNow administrator to perform this task.

If you have an existing ServiceNow user that you want to use to receive alert notifications, the user has the web_service_admin and itil roles assigned, and you know the user ID and password, you can skip to Step 2: Create a ServiceNow integration in Observability Cloud.

To set up a ServiceNow user for your Observability Cloud integration:

  1. Log in to ServiceNow.

  2. In the left navigation panel, scroll to User Administration and click Users.

  3. Click New.

  4. Enter User ID, First name, and Last name values that clearly communicate that the user is associated with Observability Cloud notifications. Make note of the User ID value for use in subsequent steps.

  5. Enter a Password value. Make note of this value for use in Step 2: Create a ServiceNow integration in Observability Cloud.

  6. Select the Active check box.

  7. Click Submit.

  8. Find your new user by either searching for the user ID or doing a reverse chronological sort on the Created column. Click the user ID to open the user information window. Scroll down and click the Roles tab. Click Edit.

  9. In the Collection search field, enter web_service_admin. Select the web_service_admin role and click > to move it to the Roles List panel.

  10. Similarly, in the Collection search field, search for itil. Select the itil role and click > to move it to the Roles List panel.

  11. Click Save. web_service_admin and itil display on the Roles tab for the user, possibly along with other roles.

Step 2: Create a ServiceNow integration in Observability Cloud

You must be an Observability Cloud administrator to perform this task.

To create a ServiceNow integration in Observability Cloud:

  1. In the Observability Cloud navigation menu, select Data Setup.

  2. In the CATEGORIES menu, select Notification Services.

  3. Click the ServiceNow tile.

  4. Click New Integration to display the configuration options.

  5. By default, the name of the integration is ServiceNow. Splunk recommends that you give your integration a unique and descriptive name. For information about the downstream use of this name, see About naming your integrations.

  6. In the Username field, enter the user ID from ServiceNow in Step 1: Create a ServiceNow user for your Observability Cloud integration.

  7. In the Password field, enter the password from ServiceNow in Step 1: Create a ServiceNow user for your Observability Cloud integration.

  8. In the Instance Name field, enter your ServiceNow instance name. The instance name must use the format shown in this example: example.service-now.com. Do not include a leading https:// or a trailing /. Additionally, you cannot use local ServiceNow instances.

    To address potential blind server-side request forgery (SSRF), Observability Cloud has included *.service-now.com on an allow list. As a result, if you enter a domain name that is rejected by Observability Cloud, contact observability-support@splunk.com to update the allow list of domain names.

  9. Click Incident or Problem to indicate the issue type you want the integration to create in ServiceNow.

    If necessary, you can create a second integration using the other issue type. This allows you to create an incident issue for one detector rule and a problem issue for another detector rule.

  10. Click Save.

  11. If Observability Cloud is able to validate the ServiceNow username, password, and instance name combination, a Validated! success message displays. If an error displays instead, make sure that the values you entered match the values in ServiceNow.
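
The Instance Name rules in step 8 (bare host name, no scheme, no trailing slash, `*.service-now.com` on the allow list) can be checked locally before you submit the form. The following is an added example, not Splunk's own validation code; the function name, problem codes and sample host names are assumptions made for illustration.

```python
import ipaddress
import re

# From the page: *.service-now.com is on the Observability Cloud allow list.
ALLOWED_SUFFIX = ".service-now.com"
LABEL = re.compile(r"^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$")

MESSAGES = {
    "scheme": "remove the leading scheme such as https://",
    "trailing_slash": "remove the trailing /",
    "not_bare_host": "enter a bare host name: no path, port, query or credentials",
    "ip_literal": "IP addresses are not instance names",
    "bad_hostname": "not a syntactically valid DNS host name",
    "not_allow_listed": "outside *.service-now.com; needs an allow-list update",
}

def check_instance_name(value):
    """Return a list of problem codes; an empty list means the value fits step 8."""
    problems = []
    host = value.strip().lower()
    if "://" in host:
        problems.append("scheme")
        host = host.split("://", 1)[1]
    if host.endswith("/"):
        problems.append("trailing_slash")
        host = host.rstrip("/")
    if any(ch in host for ch in "/?#@:"):
        return problems + ["not_bare_host"]
    try:
        ipaddress.ip_address(host)
        return problems + ["ip_literal"]
    except ValueError:
        pass
    if not all(LABEL.match(label) for label in host.split(".")):
        problems.append("bad_hostname")
    # Suffix match on a label boundary: "evilservice-now.com" must not pass.
    if not host.endswith(ALLOWED_SUFFIX):
        problems.append("not_allow_listed")
    return problems

if __name__ == "__main__":
    # Constructed sample inputs, not values from any real deployment.
    for sample in ("example.service-now.com", "https://example.service-now.com/",
                   "evilservice-now.com", "example.service-now.com.internal.test",
                   "10.0.0.5"):
        found = check_instance_name(sample)
        print(sample, "->", "ok" if not found else [MESSAGES[c] for c in found])
```

A `not_allow_listed` result corresponds to the case in step 8 where the domain must be added to the allow list through observability-support@splunk.com.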

Step 3: Add a ServiceNow integration as a detector alert recipient in Observability Cloud

To add a ServiceNow integration as a detector alert recipient in Observability Cloud:

  1. Create or edit a detector that you want to configure to send alert notifications using your ServiceNow integration.

    For more information about working with detectors, see Create detectors to trigger alerts and Subscribe to alerts using the Detector menu.

  2. In the Alert recipients step, click Add Recipient.

  3. Select ServiceNow and then select the name of the ServiceNow integration you want to use to send alert notifications. This is the integration name you created in Step 2: Create a ServiceNow integration in Observability Cloud.

  4. Activate and save the detector.

Observability Cloud will send an alert notification to create an incident in ServiceNow when an alert is triggered by the detector. When the alert clears, it will send a notification that sets the incident state to Resolved.

This ServiceNow integration sets the Impact and Urgency fields on the ServiceNow incident based on the Observability Cloud alert severity (see Severity) as follows:

| Observability Cloud severity | ServiceNow Impact and Urgency fields |
| --- | --- |
| Critical | 1 |
| Major or Minor | 2 |
| Warning or Info | 3 |