Skip to main content

Send to Endpoint action

Available for alert and incident workflows

This action sends an incident to an existing webhook endpoint. It also optionally populates the Outbound tab of the Incident with a link to the endpoint.

For instructions on configuring the CREATE and UPDATE workflows using this action, read the following section on how to Configure webhook endpoint workflows.

This action takes the following inputs:

  • Webhook

    The webhook endpoint that the incident should be sent to. If this list is empty, you will have to create a webhook endpoint first.

  • External Link (Optional)

    Enable this option to add an external link to the Outbound tab of the incident. Clicking on the link will take you to the endpoint.

  • Integration Name

    The name for the integration, which will be displayed in the Outbound tab of the incident. This does not have to be unique - multiple workflows can update the same integration.

  • External ID

    The value used to indicate the object in the external system. For example: A ticket number.

    You can set the External ID to a value from another field, tag, or attribute from the webhook response. Refer to other fields and tags using the following syntax: ${property_name}

  • External Name

    The value used to indicate the name of the object in the external system.

    You can set the External Name to a value from another field, tag, or attribute from the webhook response. Refer to other fields and tags using the following syntax: ${property_name}

  • URL

    The URL for the external link. You can refer to other fields and tags using the following syntax: ${property_name}

Configure webhook endpoint workflows

Important

Before you begin, make sure that you have created separate webhook endpoints for each of the CREATE and UPDATE workflows. For detailed instructions on how to do this, read Webhook endpoints.

In this section, you will learn to configure workflows that create and update incidents or alerts in outbound systems using the Send to Endpoint action.

Note that in the following example, the payload that we are sending differs between the CREATE and the UPDATE operations. As a result, we will create a separate workflow for each of these actions. Some endpoints may accept the same payload for both CREATE and UPDATE operations, in which case a single workflow using the "New or changed incidents" trigger would be sufficient.

Note

You can include multiple Send to Endpoint actions in series in a single workflow. It is usually preferable to create a separate workflow for each Send to Endpoint action for simpler management and labeling, however. When there are multiple Send to Endpoint actions in a single workflow, you have to edit the workflow and examine each action to determine its function. Including each action in a separate workflow lets you name and add an appropriate description for each, so the purpose of each workflow is clearer.

One exception to this guideline is when you want to send the same incident or alert to two (or more) different locations. Then you can use one Send to Endpoint action to route the incident or alert to the first location, and subsequent Send to Endpoint actions to send the same incident or alert to other endpoints.

Configure the CREATE workflow

  1. Within APEX AIOps Incident Management, navigate to Correlate & Automate > Workflow Engine.

  2. Choose a workflow type:

    • If you created an incident webhook endpoint, select Incident Workflows.

    • If you created an alert webhook endpoint, select Alert Workflows.

  3. Click Add Workflow.

  4. Provide a unique name for your workflow. Optionally, provide a description.

    It is recommended that you include the word “create” in your naming convention. For example: “ServiceNow_create”.

  5. Set the Trigger:

    • For an incident workflow, select New incidents only.

    • For an alert workflow, select New alerts only.

  6. Click Add Action.

  7. From the list of actions, select Send to Endpoint and add it to the workflow. Configure the action as follows:

    1. Webhook: Select the CREATE webhook endpoint that you already configured.

    2. External Link: Check the box. This adds a link to the external endpoint that will be displayed in the Outbound tab of the Incident View.

    3. Integration Name: Name your integration. This is the name that will be displayed on the “Outbound” tab in the Incident View.

    4. External ID: Set the External ID to the value from another field, tag or an attribute from the Webhook response. You may also use regular expressions.

      Note that pressing the Test button in the Webhook Endpoint configuration dialog is one way of determining potential values for this field.

    5. External Name: Set the External Name to the value from another field, tag or an attribute from the Webhook response. You may also use regular expressions.

      Note that pressing the “Test” button in the Webhook Endpoint configuration dialog is one way of determining potential values for this field.

    6. URL: Specify the URL for the external link. You may use $ parameter substitution variables. The format of the variables for the URL must be in a dotted notation and must include the integration name. Consider this example from a ServiceNow integration:

      https://<instance>.service-now.com/nav_to.do?uri=incident.do?sys_id=${outbound.ServiceNow.external_name}"

      In this example, the External Name is the ticket number, and the link would bring users to the corresponding incident in ServiceNow.

  8. Click Save at the top of the page.

  9. Test the workflow by inputting values for the appropriate fields in the Workflow Tester section at the bottom of the interface.

Configure the UPDATE workflow

  1. Within Incident Management, navigate to Correlate & Automate > Workflow Engine.

  2. Choose a workflow type:

    • If you created an incident webhook endpoint, select Incident Workflows.

    • If you created an alert webhook endpoint, select Alert Workflows.

  3. Click Add Workflow.

  4. Provide a unique name for your workflow. Optionally, provide a description.

    It is recommended that you include the word “update” in your naming convention. For example: “ServiceNow_update”.

  5. Set the Trigger:

    • For an incident workflow, select Changed incidents only.

    • For an alert workflow, select Changed alerts only and Changes from anywhere.

  6. Click Add Action.

  7. From the list of actions, select Send to Endpoint and add it to the workflow. Configure the action as follows:

    1. Webhook: Select the UPDATE webhook endpoint that you already configured.

    2. Leave the remaining fields as they are.

  8. Click Save at the top of the page.

Alert example

Suppose you want to create a new alert in an outbound system if a corresponding alert in Incident Management has a class value of "storage." You can accomplish this by creating an alert workflow with a trigger and a Send to Endpoint action, along with an alert webhook endpoint.

First, you configure the alert webhook endpoint according to the specifications of the outbound system.

Next, you create a new alert workflow. You select New alerts only for the trigger and add a filter that only activates the workflow for incidents with a class value of "storage." Then, you add a Send to Endpoint action and configure it to forward alerts to the alert webhook endpoint.

You now have an alert workflow that will create a new alert in your outbound system for all alerts in Incident Management that have a class value of "storage."

Incident example

Suppose that you want to create a new incident in an outbound system if a corresponding incident in Incident Managementhas a severity level of Critical. You can accomplish this by creating an incident workflow with a trigger, a Delay action, a Filter action, and a Send to Endpoint action, along with an incident webhook endpoint.

First, you configure the incident webhook endpoint according to the specifications of the outbound system.

Next, you create a new incident webhook. You select New incidents only for the trigger and add a filter that only activates the workflow for incidents of a Critical severity. Then you configure the Delay action to wait for 30 minutes and add the Filter action afterwards to check if the incident is still of a Critical severity.

Finally, you add a Send to Endpoint action and configure it to forward incidents to the incident webhook endpoint.

You now have a workflow that will create a new incident in your outbound system for all incidents in Incident Management that are unresolved and Critical for over 30 minutes.