Set up ServiceNow ITOM and ITSM
Cette page n'est pas encore disponible en français, sa traduction est en cours.
Si vous avez des questions ou des retours sur notre projet de traduction actuel,
n'hésitez pas à nous contacter.
ServiceNow’s ITOM/ITSM integration allows you to send alerts, cases, and incidents generated in Datadog to ServiceNow as records in the Incident or Event tables. The integration relies on interim tables and transform maps.
To use the integration, follow the instructions to install the integration, and then configure the integration for each product:
- Install the ITOM/ITSM integration
- Configure the integration
- Configure Datadog templated monitor notifications
- Configure Datadog Case Management
- Configure Datadog Incident Management
- Customize data with transform maps
Install the ITOM/ITSM integration
There are two ways to install the integration:
Before proceeding, make sure you have added your ServiceNow instance into your ServiceNow tile in Datadog.
Configure templated monitor notifications
These features require ITOM/ITSM integration version 2.6.0 or newer.
By default, Datadog doesn’t include ServiceNow impact and urgency levels when sending events to ServiceNow. For each ServiceNow configuration, you can configure mappings between those ServiceNow levels and Datadog’s Monitor Priority levels for inclusion in Datadog-generated events.
- In Datadog, go to the ServiceNow integration settings page.
- Go to the Configure tab, then the ITOM/ITSM tab, then the Monitors tab.
- Under Instance Priority Mapping for Templates, open the settings for your ServiceNow instance.
- Turn on the Use Instance Priority Mapping toggle.
- Under ServiceNow Urgency and ServiceNow Impact, select the levels you want to correspond with Datadog’s Monitor Priority levels. For example:
- Click Update.
Create a custom ServiceNow @-handle for monitor notifications
To create a ServiceNow record from a monitor, you need to configure an @-handle to use within the monitor notification rules or notification recipients.
- In Datadog, go to the ServiceNow integration settings page.
- Go to the Configure tab, then the ITOM/ITSM tab, then the Monitors tab.
- Beside Templates, click + New to create a new template.
- Define an @-handle Name, Instance, and Target Table for the monitor notification to be delivered to.
- (Optional) Set Assignment Group, Business Service, and/or User in the template.
Note: If you set both an assignment group and user, the user must belong to the selected assignment group for the ServiceNow record creation to successfully complete. - (Optional) Expand the Customize notification payload section and click Add field to add more variables from Datadog.
- Click Save.
To use the new template, add @servicenow-<TEMPLATE_NAME> in a monitor description. When the monitor alerts, ServiceNow also creates a corresponding record, and automatically sets it to Resolved when the underlying alert recovers.
To configure legacy monitor notifications using @servicenow-<INSTANCE_NAME>:
In Datadog, go to the ServiceNow integration settings page.
Go to the Configure tab, then the ITOM/ITSM tab, then the Monitors tab.
Under Manage Legacy Monitor Notifications, select the instance you want to configure notifications for, then select the table that legacy monitor notifications write to.
To validate the integration is set up correctly, add @servicenow-<INSTANCE_NAME> in a monitor or event notification. You can define both the Impact and Urgency values so ServiceNow can use them to calculate the incident priority. The raw data populates rows in the interim table and is forwarded to the ServiceNow table specified by the integration.
Use transform maps in ServiceNow to customize the transformation of the data sent to the interim tables.
Customize the notification payload with available Datadog variables or custom strings.
Note: Impact and Urgency in monitor descriptions work only for legacy monitor configurations. For templated monitors, configure instance priority mapping. The priority field in ServiceNow incidents is read-only, and can only be updated using priority lookup rules.
action- Type: String
The action being taken on the monitor: create, update, acknowledge, or resolve additional_information- Type: String
ITOM Transform: additional_info
Formatted string containing all event details aggreg_key- Type: String
Aggregation key representing a hash of the alerting monitor’s ID alert_cycle_key- Type: String
Key representing a hash of a single monitor’s alert cycle (tracks Alert → Warn → Resolve) alert_id- Type: String
ID of the alerting monitor alert_metric- Type: String
ITOM Transform: metric_name
Metric that triggered the alert alert_query- Type: String
Query that triggered the alert alert_scope- Type: String
Scope that triggered the alert alert_status- Type: String
Current state of the alert alert_title- Type: String
Name of the alert alert_transition- Type: String
ITSM Transform: (script) -> state
Alert transition state: Triggered, Warn, or Recovered assignment_group_sys_id- Type: Reference
ITSM Transform: assignment_group
Reference Table: Group
ServiceNow sys_id for the templated handle’s assignment group business_service_sys_id- Type: Reference
ITSM Transform: business_service
Reference Table: Service
ServiceNow sys_id for the templated handle’s business service custom_fields- Type: String
User-configured key-value fields formatted as JSON-convertible string datadog_tags- Type: String
Datadog tags from the alerting monitor description- Type: String
ITSM Transform: description
ITOM Transform: description
Summary description of the monitor alert event_details- Type: String
ITSM Transform: work_notes
Event details with formatted, clickable links to Datadog event_id- Type: String
Datadog ID of the event event_link- Type: String
Link to the event created from the monitor alert event_msg- Type: String
Message from the event event_title- Type: String
ITSM Transform: short_description
Title of the event event_type- Type: String
ITOM Transform: type
Type of event hostname- Type: String
ITSM Transform: cmdb_ci
ITOM Transform: node
Host of the affected monitor impact- Type: Integer
ITSM Transform: impact
Impact value based on user-defined mapping of monitor priority logs_sample- Type: String
Sample of relevant logs monitor_priority- Type: Integer
ITOM Transform: severity
Priority of the alerting monitor as an integer org_name- Type: String
Name of the alerting monitor’s organization sys_created_by- Type: String
ITSM Transform: caller_id
Creator of the record (usually the configured ServiceNow API account) ticket_state- Type: String
ITSM Transform: state, (script) -> close_code, (script) -> close_notes
ITOM Transform: (script) -> resolution_notes
State of the ServiceNow record: new or resolved u_correlation_id- Type: String
ITSM Transform: correlation_id
ITOM Transform: message_key
Combined alert_cycle_key and aggreg_key used to coalesce records to the same target incident urgency- Type: Integer
ITSM Transform: urgency
Urgency set from the user defined mapping on the integration tile based on monitor defined priority user_sys_id- Type: Reference
ITSM Transform: assigned_to
Reference Table: User
sys_id from the templated handle passed in for user.
Configure Datadog Case Management
Case Management integration is not supported in the
Send cases from Datadog to either the Datadog Cases ITOM or ITSM table in ServiceNow. ServiceNow stores incoming records and uses the installed update set to transform the records in the Event or Incident table. Datadog doesn’t support custom payloads for these tables, or updates to the Events table.
The user configuring the settings in ServiceNow must have both the x_datad_datadog.user and admin roles.
- In Datadog, go to the ServiceNow integration settings page.
- Go to the Configure tab, then the ITOM/ITSM tab, then the Case Management tab.
- Under Sync ServiceNow with Case Management, open the settings for your ServiceNow instance.
- Beside Case Table, choose to send cases to either Datadog Cases ITOM or Datadog Cases ITSM.
- Navigate to the Case Management > Settings page, and expand your project. Then, set up the ServiceNow integration for that project.
Configure Datadog Incident Management
After installing the integration, in Datadog, go to the Integration Settings page. Click the ServiceNow tile to configure ServiceNow incident creation.
Sync data bidirectionally between ServiceNow and Case/Incident Management
In ServiceNow, you can sync state, impact, and urgency bidirectionally with both Case Management and Incident Management.
- In Datadog, follow the instructions to create a service account application key.
Note: Datadog recommends creating this key instead of using a personal one, which risks breaking the ServiceNow sync if the user’s account is deactivated or if their permissions change. - In ServiceNow, click the globe icon in the top-right corner, then make sure the Application Scope is set to ITOM/ITSM Integration for Datadog.
- In the top-left navigation menu, click All.
- Type ITOM/ITSM Integration for Datadog in the filter.
- Click the Configuration link from the filtered results, then enter the required settings:
- Select your Datadog Data Center.
- Paste in your Datadog API Key.
- Paste in your Service Account Application Key you created.
- Check the Enabled box.
- Click Save.
- (Optional) If you have ITOM/ITSM integration version 2.7.0 or newer, you can use information from correlated alerts to populate values in ServiceNow.
The transform maps for Datadog Cases ITOM and ITSM tables contain an example transform script that runs onBefore. By default, the script is commented out, but you can enable it by uncommenting it and modifying it to fit your use case.
This section describes the fields that are synced between Incident Management and ServiceNow:
| Incident Management | ServiceNow Cases Table | ServiceNow Incident | Sync Status |
|---|
| Title | Title - String | Short Description | One way sync from Datadog -> ServiceNow |
| What Happened | Description - String | Description | One way sync from Datadog -> ServiceNow |
| State | State - String | State | Bi-directionally synced |
| DD Incident URL | Incident URL - String | Work Notes | One way sync from Datadog -> ServiceNow |
| Severity | Incident Urgency (int) | Urgency | Bi-directionally synced |
| Severity | Incident Impact (int) | Impact | Bi-directionally synced |
| Datadog Monitor State | ServiceNow Incident State |
|---|
| Alert | In Progress |
| Warn | In Progress |
| OK | Resolved |
| Completed (optional, configured in settings) | Resolved |
| Datadog Incident Severity* | ServiceNow Urgency | ServiceNow Impact | ServiceNow Priority |
|---|
| SEV-1 | 1 | 1 | 1 - Critical |
| SEV-2 | 1 | 2 | 2 - High |
| SEV-2 | 2 | 1 | 2 - High |
| SEV-3 | 1 | 3 | 3 - Moderate |
| SEV-3 | 2 | 2 | 3 - Moderate |
| SEV-3 | 3 | 1 | 3 - Moderate |
| SEV-4 | 2 | 3 | 4 - Low |
| SEV-4 | 3 | 2 | 4 - Low |
| SEV-5 (Minor) | 3 | 3 | 5 - Planning |
| Unknown | 3 | 3 | 5 - Planning |
Note: If Start at SEV-0 is enabled in Incident Management settings, the values in ServiceNow Urgency, ServiceNow Impact, and ServiceNow Priority will all stay the same, but the Datadog Incident Severity shifts down by 1. For example, in the first row of this table, the Datadog Incident Severity would be 0, but the rest of the values in the rest of the row would stay the same.
The ServiceNow integration writes from Datadog to interim tables, which transform to records in ServiceNow. For any customizations (for example, custom field mappings), you can extend the transform maps to specify what fields you want to map to from Datadog to ServiceNow.
Additional configuration options
To prevent the import set table x_datad_datadog_import_host from accumulating too many rows, an auto-flush rule has been added to the Table Cleaner tool to keep only the last 24 hours of data. This configuration setting can be changed as needed by navigating to sys_auto_flush_list.do in the filter navigator and going into the rule for the x_datad_datadog_import_host table. The Age in seconds field can be updated accordingly.
To create a custom field mapping in ServiceNow:
Click one of the tables (for example, Datadog Monitors ITSM Tables), and scroll to the bottom of the record to see the link for the associated transform map.
Click on the name of the transform map to view the record:
At the top are two important fields on the Transform record: Source table and Target table:Click New:
Select the source and target fields for one to one mappings:
Or check the Use source script box and define transformations:
To map custom fields in the integration tile, you can use the following script for either the Datadog Monitors ITOM and Datadog Monitors ITSM Transform maps. In this example, the field my_field is defined as a custom field in the integration tile:
answer = (function transformEntry(source)
{
var additional_info = JSON.parse(source.additional_info);
return additional_info.my_field;
})(source);
Notes:
The source is the import set table you selected (in this example, Datadog Monitors ITSM Tables) and the target is your actual incident table (or event table) where events are stored.
The field mappings are at the bottom of the record. Some basic mappings are included. This is where you select the fields to include, define the format, and select the target fields in your ServiceNow instance.
Troubleshooting
If you get an error message in your Datadog integration tile, or an Error while trying to post to your ServiceNow instance notification:
Verify only the subdomain was used when entering your instance name.
Verify the user you created has the required permissions.
Verify the username and password are correct.
If the integration is configured and an alert triggered, but no ticket is created:
- Confirm that the interim table is populated. If so, the issue is with mappings and transformations. You can debug your mappings and scripts further by navigating to Transform Errors in ServiceNow.
- Confirm that you’re working with the interim table you specified in the tile.
The ServiceNow user needs rest_service and x_datad_datadog.user roles so that it can access the import tables. If you’re using the legacy way of sending notifications directly to either the Incident table or Event table, you need the permissions itil and evt_mgmt_integration.
If you’re seeing updates from Datadog Case Management to ServiceNow, but not seeing updates from ServiceNow to Datadog, this is expected behavior for ServiceNow ITOM. Bidirectional syncing with Case Management is only supported for ServiceNow ITSM.
If a monitor is reopening the same incident instead of creating a new one for each warning, ensure it is not set as a simple alert. Convert the monitor to a multi-alert by grouping it using a tag in the metric. This way, each alert will trigger a separate incident.
Need additional help? Contact Datadog support.
Further Reading
Documentation, liens et articles supplémentaires utiles:
![Datadog Incident Transform map in ServiceNow showing the source table Datadog Incident Table mapped to the target table Incident [incident]](https://datadog-docs.imgix.net/images/integrations/guide/servicenow/servicenow-source-target-fields.9f3d242c6017f962068ce4d2b69993af.png?fit=max&auto=format)
