SolarWinds to ServiceNow Event Integration Field Map

A SolarWinds integration can be technically connected and still operationally broken. The difference is field quality: CI, resource, source, severity, node state, and assignment ownership.

Quick answer: Treat SolarWinds as the monitoring source, normalize node and resource fields before binding, and never let a missing CI silently create an incident without a data-quality flag.

Recommended field map

SolarWinds concept	ServiceNow target	Notes
Node caption / node name	CI lookup key	Normalize FQDN versus short name.
Application, component, interface, volume	Resource	Needed for grouping and diagnosis.
Alert name / trigger name	Message key / alert name	Use a stable value, not a noisy sentence.
Severity	Severity	Translate to your operational scale.
Node status	Additional info	Preserve retired, unmanaged, or non-operational state.

Handling non-operational CIs

Dropping all events for non-operational CIs can hide real monitoring gaps. Creating normal incidents for retired devices can flood teams. A safer path is to create a specific rule path: bind the CI when possible, mark the CI lifecycle state in additional info, route to monitoring hygiene or SysOps, and track as a cleanup issue.

if ci.operational_status != "Operational" then
  event.additional_info.lifecycle_warning = "CI still monitored but not operational"
  event.assignment_group = "Monitoring Hygiene"
  event.impact = "Review monitoring/CMDB lifecycle mismatch"
end

Message key design

The message key should be stable enough to group repeats but specific enough to avoid hiding separate issues.

message_key = source + "|" + node + "|" + resource + "|" + alert_type

Testing before production

Replay a sample of the top 50 SolarWinds alerts.
Confirm CI binding results.
Confirm unknown and retired CI handling.
Confirm production versus non-production routing.
Confirm clear events close or resolve the matching alert.

Bad sign: If everything lands as “Other,” the integration is not ready for automated incident creation.

About the author

Jason Purvis works in enterprise monitoring and IT operations, with hands-on experience across ServiceNow ITOM/Event Management, SolarWinds-style infrastructure monitoring, Microsoft 365 operations, alert routing, and incident process improvement.