Connect Azure to ITSM tools by using IT Service Management
This article provides information about how to configure IT Service Management Connector (ITSMC) in Log Analytics to centrally manage your IT Service Management (ITSM) work items.
Install IT Service Management Connector
Before you create a connection, install ITSMC.
In the Azure portal, select Create a resource.
Search for IT Service Management Connector in Azure Marketplace. Then select Create.
In the Azure Log Analytics Workspace section, select the Log Analytics workspace where you want to install ITSMC.
Note
You can install ITSMC in Log Analytics workspaces only in the following regions: East US, West US 2, South Central US, West Central US, US Gov Arizona, US Gov Virginia, Canada Central, West Europe, South UK, Southeast Asia, Japan East, Central India, and Australia Southeast.
In the Azure Log Analytics Workspace section, select the resource group where you want to create the ITSMC resource.
Note
As part of the ongoing transition from Microsoft Operations Management Suite to Azure Monitor, Operations Management workspaces are now called Log Analytics workspaces.
Select OK.
When the ITSMC resource is deployed, a notification appears in the upper-right corner of the screen.
Create an ITSM connection
After you've installed ITSMC, and prepped your ITSM tool, create an ITSM connection.
Configure ServiceNow to allow the connection from ITSMC.
In All resources, look for ServiceDesk(your workspace name).
Under Workspace Data Sources on the left pane, select ITSM Connections.
Select Add Connection.
Specify the ServiceNow connection settings.
By default, ITSMC refreshes the connection's configuration data once every 24 hours. To refresh your connection's data instantly to reflect any edits or template updates that you make, select the Sync button on your connection's pane.
Create ITSM work items from Azure alerts
After you create your ITSM connection, use the ITSM action in action groups to create work items in your ITSM tool based on Azure alerts. Action groups provide a modular and reusable way to trigger actions for your Azure alerts. You can use action groups with metric alerts, activity log alerts, and log search alerts in the Azure portal.
Note
Wait 30 minutes after you create the ITSM connection for the sync process to finish.
Define a template
Certain work item types can use templates that you define in ServiceNow. When you use templates, you can define fields that will be automatically populated by using constant values defined in ServiceNow (not values from the payload). The templates are synced with Azure. You can define which template you want to use as a part of the definition of an action group. For information about how to create templates, see the ServiceNow documentation.
Create ITSM work items
To create an action group:
In the Azure portal, select Monitor > Alerts.
On the menu at the top of the screen, select Manage actions.
On the Action groups screen, select +Create. The Create action group screen appears.
Select the Subscription and Resource group where you want to create your action group. Enter values in Action group name and Display name for your action group. Then select Next: Notifications.
On the Notifications tab, select Next: Actions.
On the Actions tab, select ITSM in the Action type list. For Name, provide a name for the action. Then select the pen button that represents Edit details.
In the Subscription list, select the subscription that contains your Log Analytics workspace. In the Connection list, select your ITSM Connector name. It will be followed by your workspace name. An example is MyITSMConnector(MyWorkspace).
In the Work Item type field, select Incident.
Note
As of September 2022, we are starting the 3-year process of deprecating support for using ITSM actions to send alerts and events to ServiceNow. For information on the deprecated behavior, see Use Azure alerts to create a ServiceNow alert or event work item. As of October 2023, we are not supporting UI creation of connector for using ITSM actions to send alerts and events to ServiceNow. Until full deprecation the action creation should be by API.
In the last section of the interface for creating an ITSM action group, if the alert is a log search alert, you can define how many work items will be created for each alert. For all other alert types, one work item is created per alert.
You can configure predefined fields to contain constant values as a part of the payload. Three options can be used as a part of the payload:
- None: Use a regular payload to ServiceNow without any extra predefined fields and values.
- Use default fields: Use a set of fields and values that will be sent automatically as a part of the payload to ServiceNow. Those fields aren't flexible, and the values are defined in ServiceNow lists.
- Use saved templates from ServiceNow: Use a predefined set of fields and values that were defined as a part of a template definition in ServiceNow. If you already defined the template in ServiceNow, you can use it from the Template list. Otherwise, you can define it in ServiceNow. For more information, see define a template.
Select OK.
When you create or edit an Azure alert rule, use an action group, which has an ITSM action. When the alert triggers, the work item is created or updated in the ITSM tool.
Note
For information about the pricing of the ITSM action, see the pricing page for action groups.
The short description field in the alert rule definition is limited to 40 characters when you send it using the ITSM action.
If you have policies for inbound traffic for your ServiceNow instances, add ActionGroup service tag to allowList.
Notice that when you are defining a query in Log Search alerts you need to have in the query result the Configuration items names with one of the label names "Computer", "Resource", "_ResourceId" or "ResourceId”. This mapping will enable to map the configuration items to the ITSM payload