Skip to main content

Set Up ServiceNow Connections


There are two ServiceNow connections available in Sumo Logic.

  • ServiceNow can create¬†Events¬†or¬†ITSM¬†Incidents.
  • ServiceNow (Legacy) is the older connection and only creates Events in ServiceNow.

If you are interested in creating Security Incidents, see Set Up a ServiceNow Security Incident Webhook Connection.

A Webhook is an HTTP callback: an HTTP POST that occurs when something happens. Webhook connections allow you to send Sumo Logic alerts to third-party applications that accept incoming Webhooks.

An incident is an unplanned interruption that has occurred in your business and this is reported in ServiceNow via an ITSM incident.


Before setting up ServiceNow integration, contact your ServiceNow account manager to make sure that your organization has a subscription for Event Management.

To configure a Webhook connection, you must have a Sumo Logic role that grants you the Manage connections capability.

Set up a ServiceNow connection‚Äč

To set up a ServiceNow Webhook connection:

  1. Go to Manage Data > Monitoring > Connections.
  2. On the Connections page click Add.
  3. For Connection Type, select ServiceNow.
    serviceNow icon.png
  4. In the Create Connection dialog, enter the Name of the connection.
  5. (Optional) Enter a Description for the connection.
  6. For URL, enter one of the following based on whether you want to create Events or Incidents: 
    • To create ServiceNow ITSM Incidents,¬†enter the¬†URL¬†for the ServiceNow Incident endpoint.¬†
    • To create Events, copy your organization's ServiceNow URL, which can be found at the top of any ServiceNow web page, then paste it in the URL¬†text box. After pasting the URL, type¬†/api/now/table/em_event¬†to enable data to be uploaded from¬†Sumo Logic¬†to ServiceNow.

      Only HTTPS (port 443) and HTTP (port 80) URLs are supported.

  7. Authentication can be done with a Username and Password or an Authorization Header.
    • Use the¬†Username¬†and¬†Password¬†used to log in to¬†ServiceNow.
    • See how to set an¬†Authorization Header.
  8. Set the Type to Events or Incidents based on what you want to create. This needs to align with the URL you provided.
  9. (Optional) Custom Headers, enter up to five comma separated key-value pairs.
  10. For Alert Payload, which allows you to customize how the alert notification look in ServiceNow, enter a JSON object that defines the structure of what you want to send to ServiceNow. For details on variables that can be used as parameters within your JSON object, see webhook payload variables. 
  11. For Recovery Payload, which allows you to customize how the recovery notification look in ServiceNow, enter a JSON object that defines the structure of what you want to send to ServiceNow. 
  12. Click Save.
  13. To send alerts to this connection, follow these steps:
    1. Testing the connection.
    2. Create a Monitor.

Test¬†the connection‚Äč

After configuring the connection, click Test Alert or Test Recovery. If the connection is made, you will see a 201 OK response message.

If the connection is successful, you'll see an event or incident created in ServiceNow. There won't contain any information from the scheduled search, it will just have the text in the payload.

ServiceNow ITSM Incident Import Table Fields‚Äč

To determine the available fields and generate a sample payload for ServiceNow ITSM Incidents see the ServiceNow documentation.

Once you are satisfied with the payload, copy the payload into the Sumo Logic payload field under the Webhook connection.

Incidents for Domain Separation¬†‚Äč

With domain separation in ServiceNow, you can separate data, processes, and administrative tasks into logically defined domains. To send ITSM incidents to the right domain, as part of the Webhook payload, send ‚Äúcompany‚ÄĚ as part of the payload and set it to your customer‚Äôs company sysid (32-bit GUID) to ensure the incident is inserted in the proper ServiceNow domain. You will also need to ensure the following:

  1. Business rules are running for your import set as documented here. 
  2. The company field in the import map is set to reject if the company name doesn’t exist as documented here. 

Set up a ServiceNow (Legacy) connection‚Äč

The first step for integrating ServiceNow with Sumo Logic is to configure one or more connections, which are HTTP endpoints that tell Sumo Logic where to send data. You can set up any number of connections, depending on your organization's needs.

  1. In Sumo Logic, go to Manage Data > Monitoring > Connections.
  2. On the Connections page, click Add.
  3. For Connection Type, select ServiceNow (Legacy).
    serviceNow legacy icon.png
  4. In the Create Connection dialog box, enter the Name of the connection.
  5. Optional: Enter a Description for the connection.
  6. Enter the Username and Password used to log in to ServiceNow.
  7. For URL, copy your organization's ServiceNow URL, which can be found at the top of any ServiceNow web page, then paste it in the URL text box. After pasting the URL, type /api/now/table/em_event to enable data to be uploaded from Sumo Logic to ServiceNow.
  8. Click Save. The connection displays.

Edit connections‚Äč

Existing connections can be edited at any time through the Manage Data > Monitoring > Connections page.

  1. Click Edit to the right of the name of the connection.
  2. Make any changes to the information, then click Save.
Privacy Statement
Terms of Use

Copyright © 2023 by Sumo Logic, Inc.