Create a ServiceNow Enrichment Workflow
To set up ServiceNow Enrichment in Moogsoft Onprem, configure a workflow in the ServiceNow Enrichment Workflow Engine to trigger the query you set up in the ServiceNow Enrichment Integration. See Configure the ServiceNow Enrichment Integration. This topic covers the final step in the ServiceNow enrichment example Enrich Alerts with ServiceNow Data.
The following diagram illustrates the process to enrich alert data from an external database:
In the ServiceNow Enrichment Workflow Engine, define a workflow with an action that uses the getServiceNowEnrichment
function.
Set the tableDefName to a table from the ServiceNow Enrichment Integration table definition. For example: ci.
The value1
and value2
arguments let you map fields in your alert to the $$params.value1
or $$params.value2
variables in your query. This way different workflows can send different values to the same table definition query. For more information, see the Query section in ServiceNow Enrichment Reference.
Step 4 example: create a ServiceNow Enrichment workflow
In the example scenario, you want to enrich all alerts with information from ServiceNow. Therefore, create a new workflow in the ServiceNow Enrichment Workflow Engine as follows:
Create a workflow called "Enrich from ServiceNow" with the description "Query ServiceNow and add data to custom_info ". Leave the rest of the fields blank or unchecked.
Add an action into the workflow called "Query ServiceNow" to specify the table definition you created earlier. See ServiceNow Enrichment Reference.
Function:
getServiceNowEnrichment
Arguments
tableDefName: ci
To also have business service information, add another action into the workflow called "Query ServiceNow (rel_ci)":
Function:
getServiceNowEnrichment
Arguments
tableDefName: rel_ci
Add an action into the workflow called "Forward to Maintenance Window Manager" to send the alert to the next stage for data processing:
Function:
forward
Arguments
moolet: MaintenanceWindowManager
Forwarding Behavior: Always Forward
Add an action into the workflow called “Stop” to stop the workflow after forwarding:
Function:
stop
Arguments
Forwarding Behavior: Stop All Workflows
When this workflow is active, it queries ServiceNow according to the ServiceNow Enrichment integration configuration. Given the following alert data:
{ ... "source":"lnux100", ...}
The Workflow Engine updates the custom_info
for the alert as follows:
"enrichment": { "Details": { "SysId": "0123456789abcdef0123456789abcdef", "Category": "Hardware", "SupportGroup": "Not Found", "Class": "Server", "InstallStatus": "Installed", "Name": "demoserver-1", "Location": "Not Found" }, "BusinessServices": { "demoService": { "InstallStatus": "Installed", "Name": "demoService", "SubCategory": "Service", "Class": "Service", "SupportGroup": "Not Found", "Category": "Business Service", "SysId": "0123456789abcdef0123456789abcdef" } } }, "mooghandling": { "isEnriched": true }
Learn more
To read more about the getJDBCEnrichment function, see getJDBCEnrichment.