Changing the PD Alert/Inc Subject based on SNOW INC

#1

We’re setting up a new implementation of PagerDuty and while we work through the failing integration with SNOW, we’ve begun posting Critical incidents in PD via email.

The regex that I put together seems good -
LIMITED TO ONE IMAGE

The rules appear to be good -
email_rule

Now I’d like to shape the incident number to just be the Regex group: ^(\D{3}\d{7})

So that when the notification shows up in slack, the hyperlink, is the SNOW incident number, similar to the automation that I built prior to PD -
LIMITED TO ONE IMAGE

My vision for the end-state is:

  • Alert triggers
  • INC is created
  • PD begins notification process
  • PD publishes links in Slack
    • SNOW ticket
    • PD ticket
    • Bridge info
  • PD creates an INC channel in Slack (SNOW inc number) - Not needed, if the PD integration is robust enough
  • PD correlates additional updates to INC and posts those updates
  • PD doesn’t trigger additional Alerts or INCs of the same Regex Group
  • PD resolves the INC when notification of Resolution is received
  • PD archives the INC channel in Slack - Not needed, if the PD integration is robust enough
#2

You could look into using your global event routing endpoint instead of a regular email integration. When setting up a rule here, you will see an option to Extract one field into description, so you could use this to extract a given field into the incident description (title). Note that extraction rules must use valid RE2 regular expression syntax.

If you would like help in troubleshooting your ServiceNow integration, I would recommend collecting PagerDuty logs in ServiceNow, reproducing the issue you are seeing, and then emailing the logs to PagerDuty Support (support@pagerduty.com). Here is how you can obtain these logs:

  • In ServiceNow, type in PagerDuty in the filter navigator search on the left side
  • Navigate to Configuration → PagerDuty Settings
  • Scroll down and set Logging verbosity level to debug
  • Reproduce the original issue in the account
  • Navigate to PagerDuty → Support → Logs
  • Make sure you set the view to 100 per page. You can CTRL+F the incident ID’s to be sure that the log contains those details.
  • Copy and paste everything into a CSV (preferred) or text file with the duplicated events reproduced.

Please note that this is not a debug or dev mode - it simply provides logs with more information that PagerDuty can use to troubleshoot any issues with incidents on ServiceNow.