Skip to main content

Create a ServiceNow Enrichment Workflow

To set up ServiceNow Enrichment in Moogsoft Onprem, configure a workflow in the ServiceNow Enrichment Workflow Engine to trigger the query you set up in the ServiceNow Enrichment Integration. See Configure the ServiceNow Enrichment Integration. This topic covers the final step in the ServiceNow enrichment example Enrich Alerts with ServiceNow Data.

The following diagram illustrates the process to enrich alert data from an external database:

create_snow_enrichmentWF.png

In the ServiceNow Enrichment Workflow Engine, define a workflow with an action that uses the getServiceNowEnrichment function.

Set the tableDefName to a table from the ServiceNow Enrichment Integration table definition. For example: ci.

The value1 and value2 arguments let you map fields in your alert to the $$params.value1 or $$params.value2 variables in your query. This way different workflows can send different values to the same table definition query. For more information, see the Query section in ServiceNow Enrichment Reference.

Step 4 example: create a ServiceNow Enrichment workflow

In the example scenario, you want to enrich all alerts with information from ServiceNow. Therefore, create a new workflow in the ServiceNow Enrichment Workflow Engine as follows:

  1. Create a workflow called "Enrich from ServiceNow" with the description "Query ServiceNow and add data to custom_info ". Leave the rest of the fields blank or unchecked.

  2. Add an action into the workflow called "Query ServiceNow" to specify the table definition you created earlier. See ServiceNow Enrichment Reference.

    • Function: getServiceNowEnrichment

    • Arguments

      tableDefName: ci

  3. To also have business service information, add another action into the workflow called "Query ServiceNow (rel_ci)":

    • Function: getServiceNowEnrichment

    • Arguments

    • tableDefName: rel_ci

  4. Add an action into the workflow called "Forward to Maintenance Window Manager" to send the alert to the next stage for data processing:

    • Function: forward

    • Arguments

      moolet: MaintenanceWindowManager

      Forwarding Behavior: Always Forward

  5. Add an action into the workflow called “Stop” to stop the workflow after forwarding:

    • Function: stop

    • Arguments

    • Forwarding Behavior: Stop All Workflows

When this workflow is active, it queries ServiceNow according to the ServiceNow Enrichment integration configuration. Given the following alert data:

{ ... "source":"lnux100", ...}

The Workflow Engine updates the custom_info for the alert as follows:

"enrichment": {
	"Details": {
		"SysId": "0123456789abcdef0123456789abcdef",
		"Category": "Hardware",
		"SupportGroup": "Not Found",
		"Class": "Server",
		"InstallStatus": "Installed",
		"Name": "demoserver-1",
		"Location": "Not Found"
	},
	"BusinessServices": {
		"demoService": {
			"InstallStatus": "Installed",
			"Name": "demoService",
			"SubCategory": "Service",
			"Class": "Service",
			"SupportGroup": "Not Found",
			"Category": "Business Service",
			"SysId": "0123456789abcdef0123456789abcdef"
		}
	}
},
"mooghandling": {
	"isEnriched": true
}

Learn more

To read more about the getJDBCEnrichment function, see getJDBCEnrichment.