Introduction to the ServiceNow Events SyncPack

Download this manual as a PDF file 

This section describes the "ServiceNow Events" SyncPack, which is the ScienceLogic integration with the ServiceNow Events Module. This SyncPack provides a bi-directional sync of Skylar One Events with ServiceNow Alerts, including event creation, acknowledgment, and resolution.

This SyncPack uses the "ScienceLogic Skylar One: Event Integration" certified application in ServiceNow and the latest "ServiceNow Base Pack" PowerPack in Skylar One.

Starting with version 1.1.0 of this SyncPack, you can use this SyncPack with or without a ServiceNow Management, Instrumentation, and Discovery (MID) Server. Do not use the "ServiceNow Events" SyncPack and the "ServiceNow Incident" SyncPack on the same PowerFlow system.

What Can I Do with this SyncPack?

The "ServiceNow Events" SyncPack is the ScienceLogic integration with the ServiceNow Events Module. This SyncPack provides a bi-directional sync of Skylar One events with ServiceNow alerts, including event creation, acknowledgment, and resolution.

For this SyncPack, you can configure a run book action policy in Skylar One to ensure that whenever Skylar One detects a new, acknowledged, or cleared event, a corresponding event is created or updated in ServiceNow. These automations are included in the latest "ServiceNow Base Pack" PowerPack. For more information, see Enabling the Run Book Automation Policies in Skylar One.

The run book automation policies could use considerable Skylar One resources if you configure the policies to trigger the "ServiceNow: Add/Update/Clear Event" action for every single Skylar One event. To avoid this, you will need to manage your event policies and ensure that your Skylar One instance is sized appropriately to handle the resources required for syncing events to ServiceNow. ScienceLogic recommends only forwarding actionable events from Skylar One to ServiceNow through PowerFlow. Non-actionable events, including "Notice" and certain "Minor" events should be filtered depending on the needs of your organization.

Starting with version 1.1.0 of this SyncPack, you can use this SyncPack with or without a ServiceNow Management, Instrumentation, and Discovery (MID) Server.

The following diagram details the workflow and architecture for the bi-directional sync of Skylar One Events with ServiceNow Alerts, including event creation, acknowledgment, and resolution:

Click the image to enlarge

This diagram is for environments that use a ServiceNow MID Server.

This SyncPack includes the following applications, which you can use to synchronize event information between Skylar One to ServiceNow:

  • Create Event in ServiceNow from Skylar One Event. Transforms Skylar One event data into a ServiceNow event, and then posts that event to ServiceNow.
  • Process and Cache Skylar One Events. The "ServiceNow: Add/Update/Clear Event" Run Book Action triggers this application whenever a Skylar One event is created, updated, or cleared. This application processes the Skylar One event and caches it to PowerFlow to allow for bulk processing for ServiceNow by the "Sync Cached Skylar One Events to ServiceNow" application.
  • Sync Alert Details from ServiceNow to Skylar One Events. Acknowledges or clears Skylar One events from ServiceNow, updates the user note, and populates the alert number in the external ticket reference. This application also includes the user_note_template field that accepts a Jinja2 template to generate custom user notes. ScienceLogic suggests that you schedule this application to run every 60 seconds. Also, you need to run the "Cache Skylar One Users" application before running this application.
  • Sync Cached Skylar One Events to ServiceNow. Bulk processes all of the cached Skylar One events and posts them to ServiceNow. Sends a "Sync Success" or "Sync Failed" status update to PowerFlow based on the result of the post. ScienceLogic suggests that you schedule this application to run every 60 seconds.
  • Update Skylar One Event from ServiceNow Trigger. Updates or clears a Skylar One Event based on a ServiceNow action.

For more information, see Configuring the PowerFlow Applications for Event Sync.

Contents of the SyncPack

This section lists the contents of the "ServiceNow Events" SyncPack.

PowerFlow Applications

The following applications are included with the "ServiceNow Events" SyncPack:

  • Create Event in ServiceNow from Skylar One Event. Transforms Skylar One event data into a ServiceNow event, and then posts that event to ServiceNow.
  • Process and Cache Skylar One Events. The "ServiceNow: Add/Update/Clear Event" Run Book Action triggers this application whenever a Skylar One event is created, updated, or cleared. This application processes the Skylar One event and caches it to PowerFlow to allow for bulk processing for ServiceNow by the "Sync Cached Skylar One Events to ServiceNow" application.
  • Remove Lock Documents. Removes all stale lock documents in Couchbase that were created by the “Process and Cache Skylar One Events” application. This is a hidden application.

This application needs to be scheduled to run to clean up all the stale lock documents. See the Configuring the Remove Lock Documents Application section for more information.

  • Sync Alert Details from ServiceNow to Skylar One Events. Acknowledges or clears Skylar One events from ServiceNow, updates the user note, and populates the alert number in the external ticket reference. This application also includes the user_note_template field that accepts a Jinja2 template to generate custom user notes. ScienceLogic suggests that you schedule this application to run every 60 seconds. Also, you need to run the "Cache Skylar One Users" application before running this application.
  • Sync Cached Skylar One Events to ServiceNow. Bulk processes all of the cached Skylar One events and posts them to ServiceNow. Sends a "Sync Success" or "Sync Failed" status update to PowerFlow based on the result of the post. ScienceLogic suggests that you schedule this application to run every 60 seconds.
  • Update Skylar One Event from ServiceNow Trigger. Updates or clears a Skylar One Event based on a ServiceNow action.

For more information about configuring and running these applications, see Configuring the PowerFlow Applications for Event Sync.

Configuration Object

  • ServiceNow Events SyncPack. Version 1.1.0 and later of this SyncPack includes this example configuration object, which you can use to create an event-specific configuration object for your PowerFlow system.

Steps

  • Compare ServiceNow and Skylar One Events
  • Convert ScienceLogic Event Data to SNOW Event
  • Process and Cache Event
  • Process and Post Event to ServiceNow
  • Process Event Trigger from ServiceNow
  • Pull and Process ServiceNow Alerts