Integrate ServiceNow with Datadog Incident Management
Overview
ServiceNow is an IT service management platform that provides solutions for managing digital workflows, IT operations, and business processes. The Datadog ServiceNow integration allows you to create incidents in ServiceNow from Datadog incidents and sync data bidirectionally between the two platforms.
The ServiceNow integration with Datadog Incident Management provides you with the following benefits:
- Improved Visibility: Ensure that all stakeholders are immediately informed about incidents, facilitating a quicker response.
- Bidirectional Sync: Sync the incident’s state, severity (impact and urgency), and any status updates between Datadog and ServiceNow automatically.
- Supporting Existing Workflows: Seamlessly integrate with your current processes, making it easier to manage incidents within your established ServiceNow workflows.
Prerequisites
To use automatic incident creation and bidirectional sync with ServiceNow:
- Install the ServiceNow integration through the ServiceNow Integration tile and ensure you have the ServiceNow tile configured with your ServiceNow instance in Datadog.
- Install the ITOM/ITSM Integration for Datadog(Recommended) from the ServiceNow store, or download the latest Update Set (Datadog-Snow_Update_Set_v2.7.7.xml) and upload it to your ServiceNow instance manually.
- Create a service account application key in Datadog for secure authentication. Note: Datadog recommends creating a service account key instead of using a personal one, which risks breaking the ServiceNow sync if the user’s account is deactivated or if their permissions change.
Setup
- Navigate to Integration Settings.
- In the left menu, click Integrations.
- Find and click the ServiceNow integration tile to open the configuration.
- Click the toggle for Enable ServiceNow incident creation.
- Click the toggle for Automatically create a ServiceNow incident.
- Add a condition to define when to automatically create a ServiceNow incident. If this condition is left blank, the integration creates a ServiceNow incident when Datadog creates an incident.
In ServiceNow, you can sync state, impact, and urgency bidirectionally with Incident Management.
- In ServiceNow, click the globe icon in the top-right corner, then make sure the Application Scope is set to ITOM/ITSM Integration for Datadog.
- In the top-left navigation menu, click All.
- Type ITOM/ITSM Integration for Datadog in the filter.
- Click the Configuration link from the filtered results, then enter the required settings:
- Select your Datadog Data Center.
- Paste in your Datadog API Key.
- Paste in your Service Account Application Key you created.
- Check the Enabled box.
- Click Save.
With bidirectional sync, when an incident is created in Datadog, a corresponding incident is also created in the linked ServiceNow instance. This ServiceNow incident includes a reference to the Datadog incident and stays in sync based on the defined field mappings.
Field mappings
Field mappings define how information in Datadog incidents is transferred to, and synchronized with, fields in ServiceNow incidents. This ensures that key incident details such as status, severity, and descriptions are consistent and up-to-date in both systems.
Below are the default field mappings used in the integration. You can customize mappings within ServiceNow using its transform map mechanism if your workflow requires advanced field configuration.
The following fields are synced between Datadog Incident Management and ServiceNow:
| Incident Management | ServiceNow Cases Table | ServiceNow Incident | Sync Status |
|---|
| Title | Title - String | Short Description | One way sync from Datadog → ServiceNow |
| What Happened | Description - String | Description | One way sync from Datadog → ServiceNow |
| State | State - String | State | Bi-directionally synced |
| DD Incident URL | Incident URL - String | Work Notes | One way sync from Datadog → ServiceNow |
| Severity | Incident Urgency (int) | Urgency | Bi-directionally synced |
| Severity | Incident Impact (int) | Impact | Bi-directionally synced |
Incident state mapping
| Datadog Monitor State | ServiceNow Incident State |
|---|
| Active | In Progress |
| Warn | In Progress |
| OK | Resolved |
| Completed (optional, configured in settings) | Resolved |
Datadog incident severity to ServiceNow priority mapping
| Datadog Incident Severity | ServiceNow Urgency | ServiceNow Impact | ServiceNow Priority |
|---|
| SEV-1 | 1 | 1 | 1 - Critical |
| SEV-2 | 1 | 2 | 2 - High |
| SEV-2 | 2 | 1 | 2 - High |
| SEV-3 | 1 | 3 | 3 - Moderate |
| SEV-3 | 2 | 2 | 3 - Moderate |
| SEV-3 | 3 | 1 | 3 - Moderate |
| SEV-4 | 2 | 3 | 4 - Low |
| SEV-4 | 3 | 2 | 4 - Low |
| SEV-5 (Minor) | 3 | 3 | 5 - Planning |
| Unknown | 3 | 3 | 5 - Planning |
Note: If Start at SEV-0 is enabled in Incident Management settings, the values in ServiceNow Urgency, ServiceNow Impact, and ServiceNow Priority all stay the same, but the Datadog Incident Severity shifts down by one. For example, in the first row of this table, the Datadog Incident Severity would be 0, but the rest of the values in the rest of the row would stay the same.
Further Reading
Additional helpful documentation, links, and articles:
