“If you add a little to a little, and then do it again, soon that little shall be much.”
— Hesiod
The Event Management service built into ServiceNow is primarily designed for collecting and processing events that occur outside of ServiceNow. However, there is no reason that you cannot leverage that very same capability to handle events that occur in your own ServiceNow applications and customizations. To do that easily and consistently, it’s helpful to bundle up all of the code to make that happen into a function that can be called from a variety of potential users. A server-side Script Include can handle that quite nicely:
var EventUtil = Class.create();
EventUtil.prototype = {
initialize: function() {
},
logEvent: function(source, resource, metric_name, severity, description) {
var event = new GlideRecord('em_event');
event.initialize();
event.source = source;
event.event_class = gs.getProperty('instance_name');
event.resource = resource;
event.node = 'ServiceNow';
event.metric_name = metric_name;
event.type = 'ServiceNow';
event.severity = severity;
event.description = description;
event.insert();
},
type: 'EventUtil'
};
There are a number of properties associated with Events in ServiceNow. Here is the brief explanation of each as explained in the ServiceNow Event Management documentation:
| Variable | Description |
|---|---|
| Source | The name of the event source type. For example, SCOM or SolarWinds. |
| Source Instance (event_class) | Specific instance of the source. For example, SCOM 2012 on 10.20.30.40 |
| node | The node field should contain an identifier for the Host (Server/Switch/Router/etc.) that the event was triggered for. The value of the node field can be one of the following identifiers of the Host:
|
| resource | If the event refers to a device, such as, Disk, CPU, or Network Adapter, or to an application or service running on a Host, the name of the device or application must be populated in this field. For example, Disk C:\ or Nic 001 or Trade web application. |
| metric_name | Used Memory or Total CPU utilization. |
| type | The type of event. This type might be similar to the metric_name field, but is used for general grouping of event types. |
| message_key | This value is used for de-duplication of events. For example, there might be two events for the same CI, where one event has CPU of 50% and the next event has CPU of 99%. Where both events must be mapped to the same ServiceNow alert, they should have the same message key. The field can be left empty, in which case the field value defaults to source+node+type+resource+metric_name. The message_key should be populated only when there is a better identifier than the default. |
| severity | Severity of the event. ServiceNow values for severity range from 1 – Critical to 5 – Info, with the severity of 0 – Clear. Original severity values should be sent as part of the additional information. |
| additional_info | This field is in JSON key/value format, and is meant to contain any information that might be of use to the user. It does not map to a pre-defined ServiceNow event field. Examples include IDs of objects in the event source, event priority (if it is not the same as severity), assignment group information, and so on. Values in the Additional information field of an Event that are not in JSON key/value format are normalized to JSON format when the event is processed. |
| time_of_event | Time when the event occurred on the event origin. The format is: yyyy-MM-dd HH:mm:ss GMT |
| resolution_state | Optional – To indicate that an event has been resolved or no longer occurring, some event monitors use ‘clear’ severity, while other event monitors use a ‘close’ value for severity. This field is used for those monitors proffering the latter. Valid values are New and Closing. |
Generating an Event in ServiceNow is simply writing a record to the em_event table. To reduce the amount of info that needs to be passed to the utility, our example function assumes a standard value for a number of properties of the Event, such as the event_class, node, and type, and leaves out completely those things that will receive a default value from the system such as message_key, time_of_event, and resolution_state. For our purpose, which is a means to generate internal Events within ServiceNow, we can accept all of those values as standard defaults. The rest will need to be passed in from the process reporting the Event.
For the source value, I like to use the name of the object (Widget, UI Script, Script Include, etc.) reporting the Event. For the resource value, I like to use something that describes the data involved, such as the Incident number or User ID. The source is the tool, and the resource is the specific data that is being processed by that tool. The other three data points that we pass are metric_name, severity, and description, all of which further classify and describe the event.
The example above takes care of the server side, but what about the client side? To support client-side event reporting, we can add an Ajax version of the function to our server-side Script Include, and then create a client-side UI Script that will make the Ajax call. The modified Script Include looks like this:
var ServerEventUtil = Class.create();
ServerEventUtil.prototype = Object.extendsObject(AbstractAjaxProcessor, {
logClientEvent: function() {
this.logEvent(
this.getParameter('sysparm_source'),
this.getParameter('sysparm_resource'),
this.getParameter('sysparm_metric_name'),
this.getParameter('sysparm_severity'),
this.getParameter('sysparm_description'));
},
logEvent: function(source, resource, metric_name, severity, description) {
var event = new GlideRecord('em_event');
event.initialize();
event.source = source;
event.event_class = gs.getProperty('instance_name');
event.resource = resource;
event.node = 'ServiceNow';
event.metric_name = metric_name;
event.type = 'ServiceNow';
event.severity = severity;
event.description = description;
event.insert();
},
type: 'ServerEventUtil'
});
To access this code from the client side of things, a new UI Script will do the trick:
var ClientEventUtil = {
logEvent: function(source, resource, metric_name, severity, description, additional_info) {
var ga = new GlideAjax('ServerEventUtil');
ga.addParam('sysparm_name', 'logClientEvent');
ga.addParam('sysparm_source', source);
ga.addParam('sysparm_resource', resource);
ga.addParam('sysparm_metric_name', metric_name);
ga.addParam('sysparm_severity', severity);
ga.addParam('sysparm_description', description);
ga.getXML();
},
type: 'ClientEventUtil'
};
Now that we have created our utility functions to do all of the heavy lifting, reporting an Event is a simple matter of calling the logEvent function from the appropriate module. On the server side, that would something like this:
var seu = new ServerEventUtil();
seu.logEvent(this.type, gs.getUserID(), 'Unauthorized Access Attemtp', 3, 'User ' + gs.getUserName() + ' attempted to access ' + functionName + ' without the required role.');
On the client side, where we don’t have to instantiate a new object, the code is event simpler:
ClientEventUtil.logEvent('some_page.do', NOW.user.userID, 'Unauthorized Access Attemtp', 3, 'User ' + NOW.user.name + ' attempted to access ' + functionName + ' without the required role.');
To test all of this out, we should be able to build a simple UI Page with a couple of test buttons on it (one for the server-side test and one for the client-side test). This will allow us to both test the utility modules and also see what happens to the Events once they get generated. That sounds like a good project for next time out.
