Integrations & Notifications

Summary

Integration & Notifications Options are Available in the Settings Section

Notifications are a great way to stay on top of Sophie's interesting incidents. Of course, you can always log in to Loom and review the alerts, but it tends to be more convenient to have alerts come to you. You can configure Loom to alert you on notable events through your pre-existing notification system.

Loom supports the following integrations:

● Email
● Slack
● SNS by Amazon
● PagerDuty
● SNS++
● Webhook
● ServiceNow

You can configure Sophie to send notifications to one or more of the platforms mentioned above. Please keep in mind that the integration with email and Slack will allow you to interact with the alerts sent from Sophie (mute, raise or remove the alert from the feed).

Release

Sophie Standalone 3.4.x-3.7.x

Instructions

Setup

Navigate to Settings > Integrations to select an integration to add.

Make sure to fill in the technical details such as webhook URL, credentials, etc. as needed.

Once the integration has been created, use the Notifications screen (also located under Settings > Notifications) to subscribe to the specific type of alerts / incidents you want to be notified about, and select the proper channel for each one of them.

Notification Types

You can configure the following Notification Types:

● SourceType Issues Notifications
● Mapping and Streaming Notifications
● Operational Notifications
● General Error Notifications

Source Type Issues Notifications

● Too many parsing errors - Notify when too many JavaScript errors occurred
● Unclassified Event Broker Error
● Too many new patterns created - Notify when too many new patterns are being created
● Too many timestamp parsing errors - Notify when too many events are being dropped due to timestamp extraction failures
● Too many new raw metrics - Notify when too many sources are being created
● An index holds too many properties - Notify via when a specific elastic index holds too many properties
● Max Properties Per Event Exceeded - Notify via when too many events exceed the allowed number of properties and therefore are being dropped

Mapping & Streaming Notifications

● Events dropped due to retention settings - Notify when too many events are being dropped due to retention settings
● Too many sources created - Notify when too many events are being dropped due to timestamp extraction failures
● Too many source types created - Notify when too many source types are being created
● Too many events exceed max length - Notify when too many events exceed the allowed number of characters and therefore are being dropped
● Too many streams exceed max length - Notify when too many events being sent to the data input exceed the allowed number of characters and therefore are being dropped

Operations Notifications

● New Source - Notify when a new source is created
● Dead Source - Notify when a source is not streaming data
● New Incident - Notify when a new incident was created
● Incident Updated - Notify when an incident was updated
● Incident Resolved - Notify when an incident was resolved

General Error Notifications

● Fatal Error - Notify when a fatal error is encountered
● Execution Timeout - Notify when an execution has timed out
● Queues are full - Notify when too many events are being dropped due to full queues
● Too Many Replacement Timeout
● Stack overflow error - Notify when a StackOverflowError occurred as a result of incorrect use of a regular expression
● Extractor Error - Notify when too many events are being discarded due to auto extractor error
● Problematic component detected - Notify when Sophie isn't keeping up with the data

System

When configuring a notification for 'New Incident' you should also specify the 'Applications' you want to be notified about and the 'Minimum Severity'.

Please note: Using the "advance mode" toggle allows you to configure alerts to be sent to specific emails or specific Slack channels.

ServiceNow Auto Ticketing Integration

To configure the integration, access Settings > Settings > Integration > ServiceNow

You'll need to fill in the following information in the form:

● Host (full URL of ServiceNow environment)
● Username and Password (Admin account in ServiceNow)

In addition to standard fields, we can also pass along custom field values. Navigate to Settings > Settings > Settings > System > servicenow.meta_fields. Additional fields can be added to the JSON we pass over to ServiceNow in this field.

For tickets to be automatically generated when an alert is populated, we need tags. Tags allow for incidents within Sophie to be created into ServiceNow incidents without user intervention. To define a tag, navigate to Settings > Anomaly Detection > Auto Tickets > + Add New. Here we need to fill out the name of the tag and associate it with an assignment group within ServiceNow.

Next, we need to create an automation rule. An automation rule allows for a tag to be associated with an incident in Sophie based on any key-value pairs within the incident. It is extremely flexible due to the use of JavaScript for rule creation.
To create a rule, navigate to Settings > Anomaly Detection > Auto Tickets > Automation Rules > + Add New

Related Links

● Outgoing Webhook Integration - KB0822581
● Connecting Loom Predictive Intelligence to ServiceNow Event Management - KB0830885