ServiceNowDevProgram · ravichandra1998g · Oct 28, 2025 · Oct 27, 2025 · Oct 27, 2025 · Oct 27, 2025
diff --git a/...deJsonPath/Create Critical P1 Incident from Alert using GlideJsonPath/README.md b/...deJsonPath/Create Critical P1 Incident from Alert using GlideJsonPath/README.md
@@ -0,0 +1,17 @@
+Create Critical P1 Incident from Alert This script provides the server-side logic for a Scripted REST API endpoint in ServiceNow. 
+It allows external monitoring tools to send alert data via a POST request, which is then used to automatically create a high-priority, P1 incident. 
+Overview The API endpoint performs the following actions: Receives a JSON Payload: Accepts a POST request containing a JSON payload with alert details (severity, description, source, CI). Parses Data: Uses the GlideJsonPath API to efficiently extract the necessary alert information from the JSON body. Validates Request: Ensures that the severity is CRITICAL and the description is present. It sends an appropriate error response for invalid or incomplete data. Creates Incident: If the data is valid, it creates a new incident record in the incident table. Sets Incident Fields: Automatically populates the incident's short_description, description, source, and sets the impact, urgency, and priority to 1 - High/Critical. Associates CI: If a ci_sys_id is provided in the payload, it links the incident to the correct Configuration Item. Logs Activity: Logs the successful creation of the incident in the system log for tracking and auditing purposes. Responds to Sender: Sends a JSON response back to the external system, confirming success or failure and providing the new incident's number and sys_id. Expected JSON payload The external system should send a POST request with a JSON body structured like this: json { "alert": { "severity": "CRITICAL", "description": "The primary database server is down. Users are unable to log in.", "source": "Dynatrace", "configuration_item": "DB_Server_01", "ci_sys_id": "a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6" } } Use code with caution.
+
+Installation As a Scripted REST API Resource Create the Scripted REST API: Navigate to System Web Services > Scripted REST APIs. 
+Click New and fill in the details: Name: CriticalAlertIncident API ID: critical_alert_incident Save the record.
+
+Create the Resource: On the Resources related list of the API record, click New. 
+Name: PostCriticalIncident HTTP Method: POST Relative Path: / Copy and paste the provided script into the Script field. Configure Security: Ensure appropriate authentication is configured for the API, such as OAuth or Basic Auth, to secure the endpoint. Customization Change Priority/Impact: Modify the grIncident.setValue() lines to set different priority or impact levels based on the payload (e.g., if (severity == 'MAJOR') { grIncident.setValue('priority', 2); }). Add Additional Fields: Extend the script to parse and set other incident fields, such as assignment_group, caller_id, or category, based on data from the incoming payload. Enrich Incident Data: Perform a lookup on the CI to fetch additional information and add it to the incident description or other fields. Handle Different Severity Levels: Add if/else logic to handle different severity values (e.g., MAJOR, MINOR) from the source system, creating incidents with different priorities accordingly.
+
+Dependencies This script requires the GlideJsonPath API, which is available in Jakarta and later releases. 
+The API endpoint must be secured with appropriate authentication to prevent unauthorized access.
+
+Considerations
+
+Security: This API endpoint is a powerful integration point. 
+Ensure that it is properly secured and that only trusted sources are allowed to create incidents. Error Handling: The script includes robust error handling for common failures (missing data, insertion failure) but should be extended to handle specific use cases as needed. Testing: Thoroughly test the endpoint with a variety of payloads, including valid data, missing data, and invalid data, to ensure it behaves as expected.
diff --git a/...w APIs/GlideJsonPath/Create Critical P1 Incident from Alert using GlideJsonPath/script.js b/...w APIs/GlideJsonPath/Create Critical P1 Incident from Alert using GlideJsonPath/script.js
@@ -0,0 +1,78 @@
+try {
+        // Get the JSON payload from the request body.
+        var requestBody = request.body.dataString;
+
+        // Use GlideJsonPath to parse the JSON payload efficiently.
+        var gjp = new GlideJsonPath(requestBody);
+
+        // Extract key information from the JSON payload.
+        var severity = gjp.read("$.alert.severity");
+        var shortDescription = gjp.read("$.alert.description");
+        var source = gjp.read("$.alert.source");
+        var ciName = gjp.read("$.alert.configuration_item");
+        var ciSysId = gjp.read("$.alert.ci_sys_id");
+
+        // Validate that mandatory fields are present.
+        if (!shortDescription || severity != 'CRITICAL') {
+            response.setStatus(400); // Bad Request
+            response.setBody({
+                "status": "error",
+                "message": "Missing mandatory alert information or severity is not critical."
+            });
+            return;
+        }
+
+        // Use GlideRecordSecure for added security and ACL enforcement.
+        var grIncident = new GlideRecordSecure('incident');
+        grIncident.initialize();
+
+        // Set incident field values from the JSON payload.
+        grIncident.setValue('short_description', 'INTEGRATION ALERT: [' + source + '] ' + shortDescription);
+        grIncident.setValue('description', 'A critical alert has been received from ' + source + '.\n\nAlert Details:\nSeverity: ' + severity + '\nDescription: ' + shortDescription + '\nCI Name: ' + ciName);
+        grIncident.setValue('source', source);
+        grIncident.setValue('impact', 1); // Set Impact to '1 - High'
+        grIncident.setValue('urgency', 1); // Set Urgency to '1 - High'
+        grIncident.setValue('priority', 1); // Set Priority to '1 - Critical'
+
+        // If a CI sys_id is provided, set the Configuration Item.
+        if (ciSysId) {
+            grIncident.setValue('cmdb_ci', ciSysId);
+        }
+
+        // Insert the new incident record and store its sys_id.
+        var newIncidentSysId = grIncident.insert();
+
+        if (newIncidentSysId) {
+            // Get the incident number for the successful response.
+            var incNumber = grIncident.getRecord().getValue('number');
+
+            // Log the successful incident creation.
+            gs.info('Critical P1 incident ' + incNumber + ' created from alert from ' + source);
+
+            // Prepare the success response.
+            var responseBody = {
+                "status": "success",
+                "message": "Critical incident created successfully.",
+                "incident_number": incNumber,
+                "incident_sys_id": newIncidentSysId
+            };
+            response.setStatus(201); // Created
+            response.setBody(responseBody);
+        } else {
+            // Handle database insertion failure.
+            response.setStatus(500); // Internal Server Error
+            response.setBody({
+                "status": "error",
+                "message": "Failed to create the incident record."
+            });
+        }
+
+    } catch (ex) {
+        // Handle any exceptions during processing.
+        gs.error('An error occurred during critical alert incident creation: ' + ex);
+        response.setStatus(500);
+        response.setBody({
+            "status": "error",
+            "message": "An internal server error occurred."
+        });
+    }