davelee212 · July 14, 2025 23:06
diff --git a/lm-servicenow-incidents b/lm-servicenow-incidents



 $company = "your-lm-company"  # Replace with your LogicMonitor company name
 $bearerToken = "your-lm-bearer-token" # replace with your LM bearer token
 $daysAgo = 2  # Number of days to look back for alerts

 # calculates the epoch time for the start of the query
 $startEpoch = (Get-Date (Get-Date).AddDays(-$daysAgo) -UFormat %s) 

 # query string includes the ##EXTERNALTICKETID# custom column and filters for alerts created after the startEpoch.  
 # This Will get the first 1000 results, you'll need to put a loop in to handle paging if you expect  more than that.
 $queryString = ('?customColumns=%23%23EXTERNALTICKETID%23%23&size=1000&offset=0&filter=startEpoch>:' + $startEpoch)

 $headers = New-Object "System.Collections.Generic.Dictionary[[String],[String]]"
 $headers.Add("Authorization","Bearer $bearerToken")
 $headers.Add("X-Version",'3')
 $headers.Add("Content-Type",'application/json')

 $alerts = (Invoke-RestMethod -Uri "https://$company.logicmonitor.com/santaba/rest/alert/alerts$queryString" -Method "GET" -Headers $headers).items

 # Filter the alerts to only include those that went to a rule where the name includes "Service Now" and that were not suppressed (e.g. not SDT at the time)
 # Does a bit of manipulation to extract the ServiceNow Incident ID from the custom column ##EXTERNALTICKETID##
 $alerts | where-object {$_.rule -like "*Service Now*" -And !($_.suppressor)} | Select-Object `
    @{Name="Alert ID";Expression={$_.id}}, `
    @{Name="InternalId";Expression={$_.InternalId}}, `
    @{Name="External_Ticket_ID_RAW";Expression={$_.customColumns.'##EXTERNALTICKETID##'}}, `
    @{Name="SNOWIncidentId";Expression={$_.customColumns.'##EXTERNALTICKETID##'.split(':')[1].trim()}}, `
    @{Name="SNOWLinks";Expression={$_.alertExternalTicketUrl.'servicenowIncidentLinks'}}



	$company = "your-lm-company" # Replace with your LogicMonitor company name
	$bearerToken = "your-lm-bearer-token" # replace with your LM bearer token
	$daysAgo = 2 # Number of days to look back for alerts

	# calculates the epoch time for the start of the query
	$startEpoch = (Get-Date (Get-Date).AddDays(-$daysAgo) -UFormat %s)

	# query string includes the ##EXTERNALTICKETID# custom column and filters for alerts created after the startEpoch.
	# This Will get the first 1000 results, you'll need to put a loop in to handle paging if you expect more than that.
	$queryString = ('?customColumns=%23%23EXTERNALTICKETID%23%23&size=1000&offset=0&filter=startEpoch>:' + $startEpoch)

	$headers = New-Object "System.Collections.Generic.Dictionary[[String],[String]]"
	$headers.Add("Authorization","Bearer $bearerToken")
	$headers.Add("X-Version",'3')
	$headers.Add("Content-Type",'application/json')

	$alerts = (Invoke-RestMethod -Uri "https://$company.logicmonitor.com/santaba/rest/alert/alerts$queryString" -Method "GET" -Headers $headers).items

	# Filter the alerts to only include those that went to a rule where the name includes "Service Now" and that were not suppressed (e.g. not SDT at the time)
	# Does a bit of manipulation to extract the ServiceNow Incident ID from the custom column ##EXTERNALTICKETID##
	$alerts \| where-object {$_.rule -like "Service Now" -And !($_.suppressor)} \| Select-Object `
	@{Name="Alert ID";Expression={$_.id}}, `
	@{Name="InternalId";Expression={$_.InternalId}}, `
	@{Name="External_Ticket_ID_RAW";Expression={$_.customColumns.'##EXTERNALTICKETID##'}}, `
	@{Name="SNOWIncidentId";Expression={$_.customColumns.'##EXTERNALTICKETID##'.split(':')[1].trim()}}, `
	@{Name="SNOWLinks";Expression={$_.alertExternalTicketUrl.'servicenowIncidentLinks'}}
No results found