Unlock ServiceNow Superpowers: A Beginner’s Guide to Automating Incident Creation!

So, you’re diving into the world of ServiceNow and want to automate incident creation? Excellent choice! Automating incident creation is a game-changer, reducing manual effort, improving accuracy, and ultimately boosting your organization’s efficiency. This guide will walk you through the fundamentals and provide practical examples to get you started. No prior coding wizardry required!

What is Incident Automation and Why Bother?

Imagine this: every time your monitoring system detects a server outage, someone has to manually create an incident in ServiceNow. They need to fill in details like the impacted server, the detected error, and the urgency of the issue. This is time-consuming and prone to human error.

Incident automation eliminates this manual process. It leverages various ServiceNow features to automatically create incidents based on predefined events or conditions.

The benefits are huge:

• Faster Response Times: Incidents are created instantly, reducing the time it takes to address critical issues.
• Reduced Manual Effort: Free up your IT staff to focus on more strategic tasks.
• Improved Accuracy: Predefined rules ensure consistent and accurate incident data.
• Better Visibility: Centralized incident tracking provides a clear view of all issues.

The Building Blocks: Where to Automate in ServiceNow?

ServiceNow offers several avenues for automating incident creation. Here are a few common ones we’ll explore:

• Business Rules: These are scripts that run on database operations (insert, update, delete, query). They are incredibly versatile and can be used to create incidents based on specific conditions.
• Event Management: If you have a monitoring system, you can integrate it with ServiceNow’s Event Management to automatically create incidents based on events.
• Inbound Email Actions: Parse incoming emails and automatically create incidents based on the email’s content.
• Flow Designer: A no-code/low-code interface for building automated workflows.

For this beginner’s guide, we’ll primarily focus on Business Rules and touch upon Inbound Email Actions for simplicity.

Example 1: Creating an Incident with a Business Rule (Basic)

Let’s say you want to automatically create an incident when a new configuration item (CI) is added to the CMDB with a specific operational_status. This is a classic example for new server setups.

1. Navigate to Business Rules:

   • In the ServiceNow navigation filter, type “Business Rules” and select the result under “System Definition.”

2. Create a New Business Rule:

   • Click the “New” button.

3. Configure the Business Rule:

   • Name: Auto-Create Incident for New Critical CIs
   • Table: Configuration Item [cmdb_ci]
   • Advanced: Check this box. This will reveal the “Advanced” tab where you can add the script.
   • When to Run:
     • When: after
     • Insert: Check this box. We want the rule to run after a new record is inserted.

4. Add the Script (in the Advanced tab):

   (function executeRule(current, previous /*null when async*/) {
    
     if (current.operational_status == 1) { // 1 = Operational
         var inc = new GlideRecord('incident');
         inc.initialize();
         inc.caller_id = 'ServiceNow System'; // System user, you can change this
         inc.cmdb_ci = current.sys_id; // Link to the CI
         inc.short_description = 'New Configuration Item: ' + current.name + ' has been provisioned.';
         inc.description = 'A new configuration item has been added to the CMDB. Please review the details: \n\n' +
                             'Name: ' + current.name + '\n' +
                             'Operational Status: ' + current.operational_status.getDisplayValue() + '\n' +
                             'IP Address: ' + current.ip_address;
         inc.urgency = 3; // Low
         inc.impact = 3;  // Low
         inc.assignment_group.setDisplayValue('Network'); // Replace with your desired group. This is IMPORTANT.
         var sysID = inc.insert();
     }
    
   })(current, previous);

   Explanation of the Script:

   • current: Represents the current Configuration Item record being inserted.
   • if (current.operational_status == 1): This checks if the operational_status field is equal to 1 (which represents “Operational”). Important: This assumes the system’s value for operational_status = Operational is indeed 1. Double check your system configuration.
   • var inc = new GlideRecord('incident'): Creates a new GlideRecord object for the ‘incident’ table.
   • inc.initialize(): Initializes a new, empty incident record.
   • inc.caller_id = 'ServiceNow System': Sets the “Caller” to the System user. Important: It’s best practice to use a dedicated system user account for automated tasks, not your own personal account. Create one if you don’t have one.
   • inc.cmdb_ci = current.sys_id: Links the incident to the configuration item.
   • inc.short_description = ...: Sets a concise description of the incident.
   • inc.description = ...: Provides a more detailed description, including information from the CI.
   • inc.urgency = 3; inc.impact = 3;: Sets the urgency and impact to low. Adjust as needed for your environment.
   • inc.assignment_group.setDisplayValue('Network'): Critically important: Sets the assignment group. Replace ‘Network’ with the actual display value of the assignment group you want the incident assigned to. Failing to set this correctly can lead to incidents going unassigned.
   • var sysID = inc.insert(): Inserts the new incident record into the database.

5. Save the Business Rule: Click the “Submit” button.

Testing the Business Rule:

1. Create a new Configuration Item (CMDB CI) and set its operational_status to “Operational.”
2. Save the CI.
3. Check the Incident table. You should see a new incident automatically created, linked to your new CI.

Important Considerations for Business Rules:

• Performance: Business Rules can impact performance if they are complex or run frequently. Optimize your scripts and use conditions wisely. Consider using asynchronous business rules for long-running operations.
• Error Handling: Include error handling in your scripts to prevent them from failing silently. Use gs.error() or gs.log() to log errors.
• Security: Be mindful of security when writing Business Rules. Avoid exposing sensitive data in your scripts.
• Best Practice: Use setDisplayValue() when setting fields by display value. Use setValue() when setting by sys_id.

Example 2: Creating an Incident from an Inbound Email Action (Simple)

Let’s create a very basic inbound email action that creates an incident when an email is received with a specific subject line.

1. Navigate to Inbound Email Actions:

   • In the ServiceNow navigation filter, type “Inbound Email Actions” and select the result under “System Policy.”

2. Create a New Inbound Email Action:

   • Click the “New” button.

3. Configure the Inbound Email Action:

   • Name: Create Incident from Email - Server Down
   • Target table: Incident [incident]
   • Active: True
   • Stop processing: True
   • When to run:
     • Type: New
     • Conditions: email.subject.indexOf("SERVER DOWN") > -1 (This checks if the email subject contains “SERVER DOWN”)

4. Action:

   • Script:

     (function processEmail(email, waterMark, table) {
      
       current.caller_id = gs.getUserID(); // Set the caller to the user who sent the email
       current.short_description = email.subject;
       current.description = email.body_text;
       current.urgency = 2;
       current.impact = 2;
       current.assignment_group.setDisplayValue('Network'); //Replace with your desired group
       current.insert();
      
     })(email, waterMark, table);

   Explanation of the Script:

   • email: Represents the incoming email object.
   • waterMark: ServiceNow uses a watermark to prevent processing the same email multiple times.
   • table: The target table (in this case, ‘incident’).
   • current.caller_id = gs.getUserID(): Sets the caller to the user who sent the email. This requires that the email address is associated with a user in ServiceNow.
   • current.short_description = email.subject: Sets the short description to the email subject.
   • current.description = email.body_text: Sets the description to the email body.
   • current.assignment_group.setDisplayValue('Network'): Important: Sets the assignment group. Replace ‘Network’ with the actual display value of the assignment group you want the incident assigned to.
   • current.insert(): Inserts the new incident.

5. Save the Inbound Email Action: Click the “Submit” button.

Testing the Inbound Email Action:

1. Send an email to your ServiceNow instance’s email address with the subject line “SERVER DOWN - Critical System”.
2. Check the Incident table. You should see a new incident created with the details from your email.

Important Considerations for Inbound Email Actions:

• Security: Carefully validate the email content to prevent malicious actors from creating unwanted incidents. Implement filtering and validation mechanisms.
• Email Parsing: For more complex scenarios, you’ll need to use regular expressions or other techniques to parse the email content and extract relevant data.
• User Identification: Ensure that the email address of the sender is associated with a user in ServiceNow. Otherwise, the caller_id might be incorrect.
• Spam Filtering: Implement spam filtering to prevent spam emails from creating incidents.
• Best Practice: Use dedicated email accounts for specific types of automated incident creation.

Beyond the Basics:

This guide provides a foundation for automating incident creation in ServiceNow. As you become more comfortable, explore these advanced topics:

• Flow Designer: Utilize the Flow Designer for visual workflow automation, offering a more user-friendly alternative to scripting in some cases.
• Event Management: Integrate your monitoring systems with ServiceNow’s Event Management to automatically create incidents based on events and alerts.
• REST APIs: Use ServiceNow’s REST APIs to create incidents from external applications or services.
• Scheduled Jobs: Create scheduled jobs to automatically create incidents based on predefined criteria.
• Advanced Scripting: Learn more advanced JavaScript scripting techniques to handle complex incident creation scenarios.

Conclusion

Automating incident creation is a powerful way to improve efficiency and reduce manual effort in ServiceNow. By leveraging Business Rules, Inbound Email Actions, and other automation tools, you can streamline your incident management process and ensure that critical issues are addressed quickly and effectively. Remember to test your automations thoroughly, implement proper error handling, and prioritize security to maintain a robust and reliable incident management system. Start small, experiment, and gradually expand your automation capabilities. Happy automating!