Thank you for your feedback.
Form temporarily unavailable. Please try again or contact docfeedback@servicenow.com to submit your comments.
Versions
  • London
  • Kingston
  • Jakarta
  • Istanbul
  • Helsinki
  • Geneva
  • Store
Close

Configure Azure events transform script

Configure Azure events transform script

Integrate Microsoft Azure with Event Management, using an event transform script to process event messages.

Before you begin

Role required: evt_mgmt_admin

The Event Management integration with Azure supports the Azure Classic Metric Alert format, also known as Insights Alerts. For this format, Event Management provides a dedicated listener, Azure Events Transform Script, see Dedicated listener. Several event rules for this format are provided with the base system, see Azure event rules provided with the base system. For information about how to receive events from other Azure formats, see Receive event from other Azure formats .

Activate the inbound event azure endpoint to enable receiving Azure platform alerts in Event Management, which works without security authentication:
  1. Navigate to System Web Services > Scripted Web Services > Scripted Rest APIs.
  2. Locate and click the Inbound Event script.
  3. In the Resources area, click inbound event azure.
  4. Select Active and then click Update.

Dedicated listener

Configure a dedicated listener that supports the Azure Classic Metric Alert format, as follows:
  1. Open the Azure platform transform script, navigate to Event Management > Event Listener (Push) > Listener Transform Scripts.
  2. In the Listener Transform Scripts page, click Azure Events Transform Script.

    You can select to send Azure alerts either through the instance or the MID Server.

Azure event rules

Azure event rules provided with the base system are:

Event rule Description
Azure database binding Bind Azure database events, other than SQL and MSSQL, to the “Cloud database” CI.
Azure host binding Bind Azure events on either the host or VM to the host (Hardware) CI.
Azure MSSQL binding Bind Azure MSSQL events to the “Cloud database” CI.
Azure SQL binding Bind Azure SQL events to the “Cloud database” CI.
Azure vm binding

By default, this event rule is disabled.

Bind Azure events on either the host or VM to the “Virtual Machine Instance” CI.

To enable this rule, first disable the "Azure host binding” rule.

Azure WS binding Bind Azure Web Server events to the “Cloud WebServer” CI.

About this task

When an Azure alert message arrives, Event Management:
  • Extracts information from the original Azure alert message to populate required event fields and inserts the event into the database.
  • Captures specified content in the additional_info field.

Procedure

  1. In the Azure platform portal, create alert rules using the Alerts (Preview) interface.
    The definition of an alert rule in Azure platform portal has these parts:
    • Target: Specific Azure platform resource that is to be monitored.
    • Criteria: Specific condition or logic that, when seen in Signal, should trigger action.
    • Action: Specific call sent to a receiver of a notification - email, SMS, Webhook, and so on.
  2. In the Webhook column, specify the endpoint URL in the format: https://<instance-name>.service-now.com/api/global/em/inbound_event_azure. For example:
    Event Management Azure

What to do next

Receive events from other Azure formats Event Management can receive events from other Azure formats, such as Azure Activity Alert (also known as audit log), and Azure log Alert (also known as unified log). Use this generic JSON target URL to collect events from other Azure formats:https:/<<INSTANCE>>/api/global/em/inbound_event?source=genericJson. This generic URL can be used as-is, and requires an event rule to be configured to populate the correct fields in the alert.

Example of the Transform and Compose Alert Output section of an event rule to show the configuration to receive an alert when receiving alert rules from Azure in the Azure Activity Alert format.

Event rule showing Transform tab