Integration with ITSM systems – ITSM vs. Logic App?
Published Apr 27 2021 04:16 AM 5,236 Views
Microsoft

Today’s organizations are using multiple tools and environments for their day-to-day operation. As a result, many prefer a one central management system to operate their service across the stack. The integration of Azure Monitor Alerts with ITSM ticketing systems (e.g. ServiceNow) was created with this goal in mind.

 

Azure Monitor is a cloud-based offering that helps you to reliably monitor the performance and availability of your cloud services. Azure Monitor collects and analyzes telemetry from your cloud as well as on-premises environments. Azure Monitor alerts uses this data and gives proactively notifies you when a metric value or a log query result indicates a problem.

 

Why do we need integration between Azure Alerts and ITSM systems?

Integrating a monitoring and service management systems provides a single view of tickets/incidents in one central system regardless the underlying cloud technology. Thus, it enables a multi-cloud strategy of monitoring both cloud and on-premises services integrated with all the other monitored items in an organization.

When an organization has common processes and one unified KPI management system, they can operate across their stack view and improve per the operational and business needs.  

How can we establish the integration between Azure Alerts and ITSM systems?

out of the various ways to integrate, in this article we will explore two integration options ITSM connector integration and logic app.

As a customer, you can select how you want to be notified about an alert using action group. Notification can go through email, SMS, Webhook or even an automated solution. You can also choose to use ITSM or a Logic app:

 

  • ITSM Connector: ITSM connector lets you send alerts to an external ticketing system such as ServiceNow.
                                              ITSM-pic.jpg
  • Logic app: Logic apps let you write processing rules and use a built-in connector that will send the alerts to ServiceNow.
    LogicApp.jpg

    Code exmaple:

    {
        "definition": {
            "$schema": "https://schema.management.azure.com/providers/Microsoft.Logic/schemas/2016-06-01/workflowdefinition.json#",
            "actions": {
                "Create_Record": {
                    "inputs": {
                        "body": {
                            "assigned_to": "Customer",
                            "assignment_group": "Best Practices Group",
                            "business_service": "SAP Enterprise Services",
                            "caller_id": "Caller",
                            "category": "Network",
                            "cmdb_ci": "@triggerBody()?['data']?['essentials']?['originAlertId']",
                            "contact_type": "Email",
                            "description": "@triggerBody()?['data']?['essentials']?['alertId']",
                            "impact": "1",
                            "number": "@triggerBody()?['data']?['essentials']?['alertId']",
                            "priority": "2",
                            "severity": "@triggerBody()?['data']?['essentials']?['severity']",
                            "short_description": "Desc",
                            "subcategory": "retailEUS8",
                            "urgency": "3",
                            "work_notes_list": "Notes\nNotes\nNotes"
                        },
                        "host": {
                            "connection": {
                                "name": "@parameters('$connections')['service-now']['connectionId']"
                            }
                        },
                        "method": "post",
                        "path": "/api/now/v2/table/@{encodeURIComponent('incident')}",
                        "queries": {
                            "sysparm_display_value": true,
                            "sysparm_exclude_reference_link": true
                        }
                    },
                    "runAfter": {},
                    "type": "ApiConnection"
                },
                "HTTP_Webhook": {
                    "inputs": {
                        "subscribe": {
                            "body": "×@{triggerBody()?['data']}",
                            "method": "POST",
                            "uri": "https://ven01958.service-now.com/api/now/v2/table/incident"
                        },
                        "unsubscribe": {}
                    },
                    "runAfter": {
                        "HTTP_Webhook_2": [
                            "Succeeded"
                        ]
                    },
                    "type": "HttpWebhook"
                },
                "HTTP_Webhook_2": {
                    "inputs": {
                        "subscribe": {
                            "body": "@triggerBody()?['data']",
                            "method": "POST",
                            "uri": "https://webhook.site/5fdbe59b-f395-40df-af4d-8a91a7462c96"
                        },
                        "unsubscribe": {}
                    },
                    "runAfter": {},
                    "type": "HttpWebhook"
                }
            },
            "contentVersion": "1.0.0.0",
            "outputs": {},
            "parameters": {
                "$connections": {
                    "defaultValue": {},
                    "type": "Object"
                }
            },
            "triggers": {
                "manual": {
                    "inputs": {
                        "schema": {
                            "properties": {
                                "data": {
                                    "properties": {
                                        "alertContext": {
                                            "properties": {},
                                            "type": "object"
                                        },
                                        "essentials": {
                                            "properties": {
                                                "alertContextVersion": {
                                                    "type": "string"
                                                },
                                                "alertId": {
                                                    "type": "string"
                                                },
                                                "alertRule": {
                                                    "type": "string"
                                                },
                                                "alertTargetIDs": {
                                                    "items": {
                                                        "type": "string"
                                                    },
                                                    "type": "array"
                                                },
                                                "description": {
                                                    "type": "string"
                                                },
                                                "essentialsVersion": {
                                                    "type": "string"
                                                },
                                                "firedDateTime": {
                                                    "type": "string"
                                                },
                                                "monitorCondition": {
                                                    "type": "string"
                                                },
                                                "monitoringService": {
                                                    "type": "string"
                                                },
                                                "originAlertId": {
                                                    "type": "string"
                                                },
                                                "resolvedDateTime": {
                                                    "type": "string"
                                                },
                                                "severity": {
                                                    "type": "string"
                                                },
                                                "signalType": {
                                                    "type": "string"
                                                }
                                            },
                                            "type": "object"
                                        }
                                    },
                                    "type": "object"
                                },
                                "schemaId": {
                                    "type": "string"
                                }
                            },
                            "type": "object"
                        }
                    },
                    "kind": "Http",
                    "type": "Request"
                }
            }
        },
        "parameters": {
            "$connections": {
                "value": {
                    "service-now": {
                        "connectionId": "/subscriptions/9b224e0b-fa4c-40eb-9472-d7798d293138/resourceGroups/Noga-RG/providers/Microsoft.Web/connections/service-now",
                        "connectionName": "service-now",
                        "id": "/subscriptions/9b224e0b-fa4c-40eb-9472-d7798d293138/providers/Microsoft.Web/locations/centralus/managedApis/service-now"
                    }
                }
            }
        }
    }

What are the pros and cons for each option?

 

ITSM connector:

  • Plug and Play: ITSM is a built-in solution within Azure Monitor, meaning that with a simple configuration you can send Azure alerts to the ticketing system.
  • Bi-directional: The ITSM connector can also pull incidents and change requests from ServiceNow into an Azure Monitor Log Analytics workspace. This allows you to consume the data using Azure Monitor tools (for example using dashboard).
  • Multi-Partners: The integration supports more than ServiceNow. It supports Microsoft System Center as well as BMC helix. The next generation of the integration is referred to as secure export.
  • Version supported: All versions since Geneva (Quebec will be supported from Jun-2021).
  • Authentication: The authentication is not persistent using credentials.

Logic app:

  • Flexible: Logic apps are more flexible. In the sense that you can define custom logic which builds a custom payload to send to ServiceNow when an alert fires.
  • Complexity: The logic app rules can be very complex.
  • Version support: Supports all versions of ServiceNow.
  • Authentication: No authentication.

In conclusion, the main difference between the two is the robustness of the integration. ITSM is easy to use though it is robust. Logic apps on the other hand are very flexible, but the configuration might be complex. As a customer, you need to define your priorities and evaluate which is the best solution for your organization.

Version history
Last update:
‎Apr 08 2022 11:15 AM
Updated by: