Commit efc5be3

Create Critical P1 Incident from Alert using GlideJsonPath - Pull5 (#2561)
* script.js Automatically create a problem record from incident volume Use case: Automatically create a problem record if a specific Configuration Item (CI) is associated with more than a certain number of incidents within a defined timeframe. Code snippet This code can be placed in a Scheduled Script Execution or an After Insert Business Rule to check new incidents
* README.md
* Script.js Identify the oldest active incident for each assignment group. This helps managers focus on long-running tickets that may require special attention.
* README.md
* script.js This example searches a JSON document for all developers listed under the specified path.
* README.md
* Update README.md
* script.js Identify inactive users who still have unresolved incidents. This helps with offboarding processes and ensures incidents aren't left unattended.
* README.md
* Update script.js
* Delete Core ServiceNow APIs/GlideAggregate/Count Inactive Users with Active incidents/README.md
* Delete Core ServiceNow APIs/GlideAggregate/Count Inactive Users with Active incidents/script.js
* Delete Core ServiceNow APIs/GlideAggregate/Find oldest Incident based Assignment Groups/README.md
* Delete Core ServiceNow APIs/GlideAggregate/Find oldest Incident based Assignment Groups/script.js
* Delete Core ServiceNow APIs/GlideJsonPath/GlideJsonPath Reader Example/README.md
* Delete Core ServiceNow APIs/GlideJsonPath/GlideJsonPath Reader Example/script.js
* Create script.js
* README.md
* Delete Core ServiceNow APIs/GlideAggregate/Create Problem based on incident volume/README.md
* Delete Core ServiceNow APIs/GlideAggregate/Create Problem based on incident volume/script.js
* script.js Create Critical P1 Incident from Alert
* README.md
* Delete Core ServiceNow APIs/GlideJsonPath/Basic-Example/Creating a P1 Major Incident from an external monitoring system/README.md
* Delete Core ServiceNow APIs/GlideJsonPath/Basic-Example/Creating a P1 Major Incident from an external monitoring system/script.js
1 parent e2360c1 commit efc5be3

2 files changed

+95
-0
lines changed
  • Core ServiceNow APIs/GlideJsonPath/Create Critical P1 Incident from Alert using GlideJsonPath

Lines changed: 17 additions & 0 deletions
@@ -0,0 +1,17 @@
1+
Create Critical P1 Incident from Alert This script provides the server-side logic for a Scripted REST API endpoint in ServiceNow.
2+
It allows external monitoring tools to send alert data via a POST request, which is then used to automatically create a high-priority, P1 incident.
3+
Overview The API endpoint performs the following actions: Receives a JSON Payload: Accepts a POST request containing a JSON payload with alert details (severity, description, source, CI). Parses Data: Uses the GlideJsonPath API to efficiently extract the necessary alert information from the JSON body. Validates Request: Ensures that the severity is CRITICAL and the description is present. It sends an appropriate error response for invalid or incomplete data. Creates Incident: If the data is valid, it creates a new incident record in the incident table. Sets Incident Fields: Automatically populates the incident's short_description, description, source, and sets the impact, urgency, and priority to 1 - High/Critical. Associates CI: If a ci_sys_id is provided in the payload, it links the incident to the correct Configuration Item. Logs Activity: Logs the successful creation of the incident in the system log for tracking and auditing purposes. Responds to Sender: Sends a JSON response back to the external system, confirming success or failure and providing the new incident's number and sys_id. Expected JSON payload The external system should send a POST request with a JSON body structured like this: json { "alert": { "severity": "CRITICAL", "description": "The primary database server is down. Users are unable to log in.", "source": "Dynatrace", "configuration_item": "DB_Server_01", "ci_sys_id": "a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6" } } Use code with caution.
4+
5+
Installation As a Scripted REST API Resource Create the Scripted REST API: Navigate to System Web Services > Scripted REST APIs.
6+
Click New and fill in the details: Name: CriticalAlertIncident API ID: critical_alert_incident Save the record.
7+
8+
Create the Resource: On the Resources related list of the API record, click New.
9+
Name: PostCriticalIncident HTTP Method: POST Relative Path: / Copy and paste the provided script into the Script field. Configure Security: Ensure appropriate authentication is configured for the API, such as OAuth or Basic Auth, to secure the endpoint. Customization Change Priority/Impact: Modify the grIncident.setValue() lines to set different priority or impact levels based on the payload (e.g., if (severity == 'MAJOR') { grIncident.setValue('priority', 2); }). Add Additional Fields: Extend the script to parse and set other incident fields, such as assignment_group, caller_id, or category, based on data from the incoming payload. Enrich Incident Data: Perform a lookup on the CI to fetch additional information and add it to the incident description or other fields. Handle Different Severity Levels: Add if/else logic to handle different severity values (e.g., MAJOR, MINOR) from the source system, creating incidents with different priorities accordingly.
10+
11+
Dependencies This script requires the GlideJsonPath API, which is available in Jakarta and later releases.
12+
The API endpoint must be secured with appropriate authentication to prevent unauthorized access.
13+
14+
Considerations
15+
16+
Security: This API endpoint is a powerful integration point.
17+
Ensure that it is properly secured and that only trusted sources are allowed to create incidents. Error Handling: The script includes robust error handling for common failures (missing data, insertion failure) but should be extended to handle specific use cases as needed. Testing: Thoroughly test the endpoint with a variety of payloads, including valid data, missing data, and invalid data, to ensure it behaves as expected.
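Review bot: The "Configure Security" step (README line 9) and the Dependencies and Considerations lines (12, 16-17) only say to ensure "appropriate authentication", which is too thin for an endpoint that creates P1 incidents. Suggest spelling out the least-privilege setup: a dedicated integration account, the role that account needs to pass the incident create ACLs that the GlideRecordSecure call in script.js relies on, and a note that the resource must not be left open to unauthenticated callers. Two smaller points on line 3: the paragraph ends with a stray "Use code with caution." that should be removed, and the sample "ci_sys_id" value contains the letters g through p, so it does not look like a 32-character hexadecimal sys_id and will mislead anyone writing input validation from this example. The overview list and the JSON payload on that line would also read better as a Markdown list and a fenced block.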
Lines changed: 78 additions & 0 deletions
@@ -0,0 +1,78 @@
1+
try {
2+
// Get the JSON payload from the request body.
3+
var requestBody = request.body.dataString;
4+
5+
// Use GlideJsonPath to parse the JSON payload efficiently.
6+
var gjp = new GlideJsonPath(requestBody);
7+
8+
// Extract key information from the JSON payload.
9+
var severity = gjp.read("$.alert.severity");
10+
var shortDescription = gjp.read("$.alert.description");
11+
var source = gjp.read("$.alert.source");
12+
var ciName = gjp.read("$.alert.configuration_item");
13+
var ciSysId = gjp.read("$.alert.ci_sys_id");
14+
15+
// Validate that mandatory fields are present.
16+
if (!shortDescription || severity != 'CRITICAL') {
17+
response.setStatus(400); // Bad Request
18+
response.setBody({
19+
"status": "error",
20+
"message": "Missing mandatory alert information or severity is not critical."
21+
});
22+
return;
23+
}
24+
25+
// Use GlideRecordSecure for added security and ACL enforcement.
26+
var grIncident = new GlideRecordSecure('incident');
27+
grIncident.initialize();
28+
29+
// Set incident field values from the JSON payload.
30+
grIncident.setValue('short_description', 'INTEGRATION ALERT: [' + source + '] ' + shortDescription);
31+
grIncident.setValue('description', 'A critical alert has been received from ' + source + '.\n\nAlert Details:\nSeverity: ' + severity + '\nDescription: ' + shortDescription + '\nCI Name: ' + ciName);
32+
grIncident.setValue('source', source);
33+
grIncident.setValue('impact', 1); // Set Impact to '1 - High'
34+
grIncident.setValue('urgency', 1); // Set Urgency to '1 - High'
35+
grIncident.setValue('priority', 1); // Set Priority to '1 - Critical'
36+
37+
// If a CI sys_id is provided, set the Configuration Item.
38+
if (ciSysId) {
39+
grIncident.setValue('cmdb_ci', ciSysId);
40+
}
41+
42+
// Insert the new incident record and store its sys_id.
43+
var newIncidentSysId = grIncident.insert();
44+
45+
if (newIncidentSysId) {
46+
// Get the incident number for the successful response.
47+
var incNumber = grIncident.getRecord().getValue('number');
48+
49+
// Log the successful incident creation.
50+
gs.info('Critical P1 incident ' + incNumber + ' created from alert from ' + source);
51+
52+
// Prepare the success response.
53+
var responseBody = {
54+
"status": "success",
55+
"message": "Critical incident created successfully.",
56+
"incident_number": incNumber,
57+
"incident_sys_id": newIncidentSysId
58+
};
59+
response.setStatus(201); // Created
60+
response.setBody(responseBody);
61+
} else {
62+
// Handle database insertion failure.
63+
response.setStatus(500); // Internal Server Error
64+
response.setBody({
65+
"status": "error",
66+
"message": "Failed to create the incident record."
67+
});
68+
}
69+
70+
} catch (ex) {
71+
// Handle any exceptions during processing.
72+
gs.error('An error occurred during critical alert incident creation: ' + ex);
73+
response.setStatus(500);
74+
response.setBody({
75+
"status": "error",
76+
"message": "An internal server error occurred."
77+
});
78+
}
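Review bot: Only the description and severity are checked (line 16) before payload values are written to the record, so source, ciName and ciSysId reach lines 30-32, 39 and the gs.info call on line 50 unvalidated. Suggest requiring source, bounding field lengths, stripping line breaks from values that go into the log message and short_description, and confirming that ci_sys_id is a 32-character hexadecimal string that resolves to an existing CI before `grIncident.setValue('cmdb_ci', ciSysId);`. The `return;` on line 22 sits at the top level of the file, so it is only valid once the script is pasted inside the resource's process(request, response) function wrapper; either include that wrapper in script.js or state the requirement in the README. A malformed JSON body will fall through to the catch on line 70 and be reported as a 500, where a 400 would tell the sender the fault is in its payload. After insert() the number can be read directly with grIncident.getValue('number'), without the getRecord() call on line 47. Nothing here deduplicates repeated alerts, so a sender that retries will open one P1 per request; consider checking for an open incident with the same source and CI first.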
