Documentation Grafana Cloud Alerts and IRM IRM Configure Integrations Integration reference OnCall integrations ServiceNow

ServiceNow integration for Grafana IRM

The ServiceNow integration enables bidirectional synchronization between alert groups in Grafana IRM and incidents in ServiceNow. Use it to automate incident creation, status updates, and resolution note sharing across both systems.

Whether your alerts originate from ServiceNow or another integration like Alertmanager or Grafana Alerting, you can manage updates and status changes directly from ServiceNow.

With this integration, you can:

• Automatically create a ServiceNow incident when an alert group is created in IRM
• Update the ServiceNow incident state when the alert group status changes
• Automatically create an alert group in IRM when a ServiceNow incident is created
• Update the alert group status when the ServiceNow incident state changes

Before you begin

Before configuring the integration, ensure you or your ServiceNow Admin have created a Service account specifically for Grafana IRM integration.

To create a ServiceNow user for Grafana IRM:

1. In ServiceNow, navigate to User Administration > Users, and click New
2. Provide the following information:
   • Username: grafana-irm
   • First name: Grafana IRM
   • Active: Enabled
   • Web service access only: Enabled
3. Click Set Password to generate a password and securely store it.
4. In the Roles tab, assign the following roles:
   • itil – Required for incident creation and updates
   • personalize_choices – Required to fetch the list of available incident states

Configure the integration

To create the integration in Grafana IRM:

1. In Grafana IRM, navigate to IRM > Integrations > Monitoring Systems
2. Click + New integration
3. Select ServiceNow from the list
4. Enter a name and description
5. Provide your ServiceNow instance URL, username, and password for the service accoun of your Grafana IRM user
6. Ensure Create default outgoing webhooks is enabled to create necessary webhooks in Grafana IRM for sending alerts to ServiceNow
7. Click Create integration

Map incident states

Define how ServiceNow incident states map to Grafana IRM alert group statuses.

Example mappings:

• Firing -> New
• Acknowledged -> In Progress
• Resolved -> Resolved
• Silenced -> Not Selected

You can customize these mappings based on your workflows.

Generate Business Rule script

To send updates from ServiceNow back to IRM, install a Business Rule script:

1. Generate a new ServiceNow Business Rule script and copy it to your clipboard
2. In ServiceNow, navigate to System Definition > Business Rules and click New
3. Fill in the following details:
   • Name: grafana-irm
   • Table: incident
   • Active: Enabled
   • Advanced: Enabled
   • When to run > When: before
   • When to run > Insert: Enabled
   • When to run > Update: Enabled
   • Advanced > Script: Paste the generated script
4. Click Submit to save the Business Rule

Then return to Grafana IRM and click Proceed to complete the setup.

Enable bidirectional note sync

When a resolution note is added to an alert group in IRM, it is sent as a work note to the linked ServiceNow incident.

When a work note is added to a ServiceNow incident, it is back-synced to the linked alert group as a resolution note.

The bidirectional note sync requires the Resolution note added webhook.

• If your integration was created in version v0.42.0 or later, the webhook is included by default.
• If created before v0.42.0, you must manually add the webhook:
  1. Open the ServiceNow integration in Grafana IRM.
  2. Go to the Outgoing tab.
  3. Add a new webhook with the trigger type Resolution note added.

Test the integration

1. Create an incident in ServiceNow
   • Verify that a new alert group appears in Grafana IRM
2. Acknowledge the alert group in Grafana IRM
   • Verify that the ServiceNow incident state is updated
3. Resolve the incident in ServiceNow
   • Verify that the alert group status in IRM is changed to Resolved

Connect other integrations

You can connect additional alert sources like Grafana Alerting or Alertmanager to your ServiceNow integration for centralized workflows.

• Alerts from connected integrations are forwarded to ServiceNow.
• If Backsync is enabled, updates in ServiceNow reflect in IRM and the connected integration.
• All connected integrations share the same ServiceNow credentials and outgoing webhooks.

To connect another integration:

1. In Grafana IRM, open your ServiceNow integration and go to the Outgoing tab
2. Under Send data from other integrations, select the integration you want to connect
3. Enable Backsync for bidirectional updates
   • If disabled, Grafana IRM will only send alerts to ServiceNow, but not receive updates back
4. Test by triggering a demo alert and verifying synchronization in both systems

Advanced usage

Customize outgoing webhooks

You can modify outgoing webhook behavior by editing them on the Outgoing tab.

Add custom incident fields

To include custom fields in ServiceNow incidents, update the Alert group created webhook’s Data template.

Example: Set the urgency field based on alert group labels:

JSON Copy

{
  ...,
  "urgency": "{{ alert_group.labels.urgency }}"
}

ServiceNow incident variables for notification templates

When you customize notification templates for ServiceNow integrations, you can include ServiceNow incident details using the following variables:

• {{ external_id }} – The ServiceNow incident ID.
• {{ external_link }} – A direct link to the ServiceNow incident in ServiceNow.

Related topics

• Grafana IRM integrations overview
• Configure outgoing webhooks
• Alert escalation and routing
• ServiceNow documentation