Skip to main content
Sumo Logic

Set Up ServiceNow Connections

About Webhooks and ServiceNow Incidents

A Webhook is an HTTP callback: an HTTP POST that occurs when something happens. Webhook connections allow you to send Sumo Logic alerts to third-party applications that accept incoming Webhooks.

An incident is an unplanned interruption that has occurred in your business and this is reported in ServiceNow via an ITSM incident.

Prerequisite

Before setting up ServiceNow integration, contact your ServiceNow account manager to make sure that your organization has a subscription for Event Management.

To configure a Webhook connection, you must have a Sumo Logic role that grants you the Manage connections capability.

Set up a ServiceNow connection

To set up a ServiceNow Webhook connection:

  1. Go to Manage Data > Monitoring > Connections.
  2. On the Connections page click Add.
  3. For Connection Type, select ServiceNow.
    serviceNow icon.png
  4. In the Create Connection dialog, enter the Name of the connection.
  5. (Optional) Enter a Description for the connection.
  6. For URL, enter one of the following based on whether you want to create Events or Incidents
  • To create ServiceNow ITSM Incidents enter the URL for the ServiceNow Incident endpoint. 

https://<your-instance>.service-now.com/api/now/table/incident 

  • To create Events, copy your organization's ServiceNow URL, which can be found at the top of any ServiceNow web page, then paste it in the URL text box. After pasting the URL, type /api/now/table/em_event to enable data to be uploaded from Sumo Logic to ServiceNow.

https://<your-instance>.service-now.com/api/now/table/em_event 

  1. Authentication can be done with a Username and Password or an Authorization Header.
    • Use the Username and Password used to log in to ServiceNow.
    • See how to set an Authorization Header.
  2. Set the Type to Events or Incidents based on what you want to create. This needs to align with the URL you provided in step 6.
  3. (Optional) Custom Headers, enter up to five comma separated key-value pairs.
  4. For Payload, enter a JSON object that defines the structure of what you want sent to ServiceNow. For details on variables that can be used as parameters within your JSON object, see webhook payload variables
  5. Click Save.
  6. After configuring the connection, continue with Testing the connection. and then create a scheduled search to send alerts to this connection.

Test the connection

After configuring the connection, click Test Connection. If the connection is made, you will see a 201 OK response message.

If the connection is successful, you'll see an event or incident created in ServiceNow. There won't contain any information from the scheduled search, it will just have the text in the payload.

ServiceNow ITSM Incident Import Table Fields

To determine the available fields and generate a sample payload for ServiceNow ITSM Incidents see the ServiceNow documentation.

Once you are satisfied with the payload, copy the payload into the Sumo Logic payload field under the Webhook connection.

Incidents for Domain Separation 

With domain separation in ServiceNow, you can separate data, processes, and administrative tasks into logically defined domains. To send ITSM incidents to the right domain, as part of the Webhook payload, send “company” as part of the payload and set it to your customer’s company sysid (32-bit GUID) to ensure the incident is inserted in the proper ServiceNow domain. You will also need to ensure the following:

  1. Business rules are running for your import set as documented here

  2. The company field in the import map is set to reject if the company name doesn’t exist as documented here

Set up a ServiceNow (Legacy) connection

The first step for integrating ServiceNow with Sumo Logic is to configure one or more connections, which are HTTP endpoints that tell Sumo Logic where to send data. You can set up any number of connections, depending on your organization's needs.

  1. In Sumo Logic, go to Manage Data > Monitoring > Connections.
  2. On the Connections page, click Add.
  3. For Connection Type, select ServiceNow (Legacy).
    serviceNow legacy icon.png
  4. In the Create Connection dialog box enter the Name of the connection.
  5. Optional: Enter a Description for the connection.
  6. Enter the Username and Password used to log in to ServiceNow.
  7. For URL, copy your organization's ServiceNow URL, which can be found at the top of any ServiceNow web page, then paste it in the URL text box. After pasting the URL, type /api/now/table/em_event to enable data to be uploaded from Sumo Logic to ServiceNow.
  8. Click Save. The connection displays.

Edit connections

Existing connections can be edited at any time through the Manage Data > Monitoring > Connections page.

  1. Click Edit to the right of the name of the connection.
  2. Make any changes to the information, then click Save.