Service Now Incident Management using Powershell

Posted on

IT Incident Management using Service Now tool is very common in most organizations now-a-days. Service Now is one of leading ITSM tool available in market. Few months back, I was tasked with automating some of our Service administration process.While automating server process of server administration, I started exploring options to automate Incident management using Powershell. Service Now provides a rich set of APIs to manage different services they provide.Refer Service Now documentation on APIs. I will talk about few of those in my blogs here.

There are certain fields in an Incident form defined as mandatory, and it may vary from organization to organization. For the example I will share today, I am assuming Configuration Item(CI) id of the object for which I am creating this Incident is mandatory. Apart from it, I am also assuming , an Assignment Group, Category etc. as mandatory fields in this example. To run this script you need an user id and password with Service Now API access. You will also need Service Now API urls for Incident Management CMDB CI (I will retrieve the sys_id of the object using it).

Let’s start scripting now. First define your credentials and API URLs for Service Now. 

$SNowUser = "service now rest api user id"
$SNowPass = "service now rest api user password"
$Incuri = "https://<COMPANY SERVICENOW INSTANCE NAME>.service-now.com/api/now/table/incident"
$header = @{"Authorization" = "Basic "+[System.Convert]::ToBase64String([System.Text.Encoding]::UTF8.GetBytes($SNowUser+":"+$SNowPass))}

Now, we have the Service Now object , example, server name for which this incident will be created. This object must be in Service Now CMDB, to retrieve the Sys_id(Configuration Item). Let’s retrieve it from Service Now using CMDB api and Powershell.

$serverName = "Server Name for which we are creating this Incident"
$cmdburi = "https://<COMPANY SERVICENOW INSTANCE NAME>.service-now.com/api/now/table/cmdb_ci?sysparm_query=nameLIKE"+$serverName
$result = Invoke-WebRequest -Uri $cmdburi -Headers $header -Method Get -ContentType "application/json"
$ciOut = $result | ConvertFrom-JSON
$sysid = $ciOut.result.sys_id

Finally, we will create the body of the Incident request by creating a JSON content with mandatory fields to be entered for a new Incident. After that, we will make api call to create the incident in Service Now. Take a note of api action method. As we are creating a new Incident, it is a “post” method for the REST api. Let’s do that now.

$method = "post"
$body = @{
u_assignment_group = “COOL SERVER TEAM”
u_short_description = "Looks like some trouble on Server $serverName."
u_configuration_item = $sysid
u_description = "Looks like some trouble on Server $serverName."
u_impact = 3
u_urgency = 2
u_category = "Server Support"
}
$bodyJson = $body | ConvertTo-Json

$post = Invoke-WebRequest -Uri $Incuri -Headers $header -Method $method -Body $bodyJson  -ContentType "application/json"
$IncOut = $post | ConvertFrom-JSON
$IncOut.result.Number

The final statement above will print the incident number created . You can do whatever you want to do with it , like sending email , entering it in a database for record etc. This is absolutely optional.

Ok, so far so good. We have created the incident and got the incident number printed. Now, we have worked on the issue described in the incident(in some automated fashion – that’s the goal of automation) and it’s time to make some update to the incident. May be change the state or enter some work note performed to troubleshoot the issue.

Now, it’s time to work on updating the incident. To update an incident, you need to have the incident number handy. In this example, we will put some notes , as what we did to troubleshoot the issue. We still need to define Service Now credentials , header and uri as we did earlier. We will not repeat this again. Next, define the JSON body for incident note, which we will update in the incident. Make sure to enter the correct state based on allowed state options.

$body = @{
u_work_notes = "This is an update to the Incident by some automated system. We did some magic and the issue is fixed now. Enjoy!"
u_state = "Work In Progress" 
u_number = "INCXXXXXXX"
}
$bodyJson = $body | ConvertTo-Json

We will now make the REST api call to update the incident using the JSON created earlier. Again, this is a post method.So, if you have already defined the variable , no need to change it. 

$Incresult = Invoke-WebRequest -Uri $Incuri -Headers $header -Method $method -Body $bodyjson -ContentType "application/json"
$IncOut = $Incresult | ConvertFrom-JSON
$IncOut.result

If the operation is successful, it will return a 200 return code.

At last, we are done with the issue. We fixed it! let’s resolve the incident using powershell. It’s mostly same, except changing the state to correct value. If your organization has some mandatory fields to be completed before you actually resolve it, you need to find out those and add to JSON data.

$body = @{
u_work_notes = "Issue fixed. Resolving the incident. No more action required!"
u_state = "Resolved"
u_number = "INCXXXXXXX"
}
$bodyJson = $body | ConvertTo-Json

$Incresult = Invoke-WebRequest -Uri $Incuri -Headers $header -Method $method -Body $bodyjson -ContentType "application/json"
$IncOut = $Incresult | ConvertFrom-JSON
$IncOut.result

That’s it! Let me know if this is helpful. You may post your comments in the comment section of this blog.