Query for Events
Focus
Focus

Query for Events

Table of Contents

Query for Events

Once the ServiceNow configuration is extracted, the CloudBlade queries for events using the following API query:
events_query_payload = { "limit": { "count": 100, "sort_on": "time", "sort_order": "descending" }, "query": { "code": event_codes }, "severity": [], "start_time":start_time}
Here, the event_codes is a list of event codes configured on the UI. Once the events are retrieved, they are mapped against an internal database to check if a ticket is already created in ServiceNow. If the event is cleared and a ticket exists, the ticket is set to Resolved in ServiceNow. If the ticket does not exist on ServiceNow, the event is ignored. If the clear is set to False, a new ticket is created in ServiceNow.