Need Help with your GCP Project?

Contact a certified professional GoogleCloudArchitect today.

What are we trying to do?

There are going to be discovered VMs through service now discovery.  These instances can be in the GCP Environment (inside Cloud VPCs) or inside a data center. A few steps are required to make this discovery happen. Check the service now documentation for those steps.

What we are trying to do is pipe any alerts for the GCP Environment Discovered Instances to Service Now. More specifically to service now's event management dashboard.

What does NOW ( Service Now ) offer to enable us to do this?

Now Platform Instance has a REST endpoint. One can invoke this endpoint from GCP - using a webhook. The GCP webhook can be configured in the notification channels (Monitoring) --> Add Webhook

The steps are outlined here in Service Now's documentation

Configuring the NOW instance (see step 3 for the crucial MID server)

Before you begin

  • Ensure that the Event Management Connectors (sn_em_connector) plugin is installed on the Now Platform instance.
  • The Event Management plugin must be installed on the Now Platform instance.
  • Verify Configuration Items for the hosts managed by GCP exist in ServiceNow. These CIs can be physical or virtual, and can be either manually created or discovered using IP discovery or Cloud discovery. This requires a MID Server to be installed on a Compute Instance - inside a separate project (which comes with it's own default VPC).
    • For test purposes, you can MANUALLY add a VM to the NOW discovery screen. This VM can be in any GCP project - as long as the GCP service account you use has access to that other project as well. See this post for more on service accounts that need to cross projects.
  • The Event Management Connector plugin supports GCP alert data in JSON 1.2 format only.
  • Role required: evt_mgmt_integration

Configuring GCP - creating a webhook to call Service Now's API

  1. In the GCP console, add a webhook.
    1. Navigate to Monitoring > Alerting, and click Edit Notification Channels.
    2. In the Webhooks section, click Add New.
    3. Select the Use HTTP Basic Auth check box, and enter the user name and password of the relevant ServiceNow user.
      Note: Ensure that the selected user is assigned the evt_mgmt_integration role. To ensure proper authentication, use the least privileged user with the evt_mgmt_integration role, rather than a high privileged user.
    4. Enter the endpoint URL.
      For example, use https://<instance-name>.service-now.com/api/sn_em_connector/em/inbound_event?source=googlemonitor.
  2. In the GCP console, create an alerting policy.
    1. Navigate to Monitoring > Alerting, and click Create Policy.
    2. Configure policy conditions that initiate alerts when the conditions are violated.
    3. Select the webhook on which the problem should be notified.
    Note: If you need to directly open an incident in the GCP console from the alert, navigate to Quick Response (in Alert) > Show Incident in GCP Console.

Result

Alerts start flowing from GCP into the Event Management plugin. The plugin extracts information from the original GCP alert message to populate the required event fields and inserts the event into the database. In your Now Platform instance, navigate to All Events to see the events.

GCP does not send values such as the severity level in the payload. The default severity is Minor, which can be changed in the Push Connector Configuration section of Push Connectors > Google Monitor Push Connector. The valid values of severity are 1- Critical2- Major3- Minor4- Warning, and 5- Info.