Schedule a Call
Schedule a Call

← Back to All Workflows

Automate ServiceNow Incident Alerts to Slack with n8n

This n8n workflow monitors new incidents in ServiceNow every 5 minutes and automatically posts detailed alerts to a Slack channel. It helps IT teams respond faster to incidents by eliminating manual monitoring and ensuring timely notifications.
serviceNow
slack
scheduleTrigger
+6
Download Workflow Free
Learn how to Build this Workflow with AI:
Workflow Identifier: 2296
NODES in Use: Manual Trigger, Schedule Trigger, Date & Time, ServiceNow, If, Sort, Slack, No Operation, Sticky Note

Press CTRL+F5 if the workflow didn't load.

Visit through Desktop for Best experience

Opening Problem Statement

Meet Lisa, an IT support manager responsible for monitoring incoming incidents in ServiceNow for a mid-sized technology firm. Every five minutes, she manually checks the system to identify any new issues reported by users. This manual process takes her 10 minutes each hour just to refresh, search, and filter incidents — a repetitive task prone to overlooking critical alerts when she’s handling other urgent tasks. Missed or delayed incident notifications have occasionally led to increased downtime, frustrated users, and escalated costs for the company.

Lisa needed a way to automatically detect new incidents as soon as they appear in ServiceNow and immediately notify her team in Slack with relevant incident details. This would reduce her constant monitoring burden and speed up incident response times.

What This Automation Does

This workflow built in n8n automates Lisa’s incident monitoring by:

  • Running automatically every 5 minutes to check for newly created incidents in ServiceNow.
  • Fetching only incidents created within the last 5 minutes to avoid duplicates and outdated alerts.
  • Sorting new incidents by their number to present them in a logical ascending order.
  • Posting detailed incident notifications directly to a specified Slack channel, including incident ID, description, severity, priority, state, category, caller, and date opened.
  • Providing a “View Incident” button in Slack that links directly to the incident’s ServiceNow page for quick follow-up.
  • Sending an error alert to Slack in case of any issues connecting to ServiceNow, ensuring immediate troubleshooting action.

Thanks to this automation, Lisa saves approximately 10 minutes every hour she spent manually monitoring, reduces human error, and gains peace of mind that all new incidents are promptly highlighted to her team.

Prerequisites ⚙️

  • n8n account — To create and run the workflow.
  • ServiceNow account with API access — For incident data retrieval, using basic authentication.
  • Slack workspace and Bot user with API token — To post messages into a designated Slack channel.
  • Credentials setup for ServiceNow Basic Auth and Slack API inside n8n.
  • Optional: self-hosted n8n instance if preferred for control over infrastructure (https://buldrr.com/hostinger).

Step-by-Step Guide

Step 1: Create the Automated Trigger Every 5 Minutes

Navigate to Triggers → Schedule Trigger, and set it to trigger every 5 minutes. This ensures the workflow runs continuously without you needing to start it manually.

You should see a schedule that repeats with an interval of 5 minutes.

Common mistake: forgetting to set the interval or accidentally using “seconds” instead of “minutes.”

Step 2: Calculate the Timestamp for 5 Minutes Ago

Add the Date & Time node, select the operation “Subtract From Date,” and configure it to subtract 5 minutes from the current UTC time using {{$now.toUTC()}}. Name the output field as queryDate.

This timestamp helps to filter only the incidents created within the last 5 minutes.

Expected outcome: node output with the correct queryDate timestamp.

Common mistake: using local time instead of UTC, which can cause mismatched data.

Step 3: Fetch New Incidents from ServiceNow

Use the ServiceNow node configured with your credentials. Set resource to “incident,” operation to “getAll,” and include a query filter:

sys_created_on>={{$json.queryDate}}

This command fetches incidents created since the calculated timestamp.

Make sure to enable “Display Value” to get human-readable fields.

Common mistake: query syntax errors or expired API credentials causing no results or errors.

Step 4: Check If Any New Incidents Exist

Add an If node to check if the incident ID field (sys_id) exists in the results.

If yes, the workflow will continue to notify the team. If no, it will end the process.

Expected behavior: branches correctly based on presence of new incidents.

Common mistake: incorrect field path in condition causing false negatives.

Step 5: Sort Incidents by Their Number

Use the Sort node and configure it to sort by the “number” field in ascending order.

This organizes the incidents logically before posting to Slack.

Common mistake: sorting on the wrong field or descending order.

Step 6: Post Incident Details to Slack

Add a Slack node configured with your Slack Bot API credentials. Select “Channel” and pick your incident notifications channel.

Use Slack Blocks to format the message, including: Incident ID, Description, Severity, Caller, Priority, State, Category, Date Opened, plus a “View Incident” button linking to the exact ServiceNow incident.

Example Slack Block JSON:

{
  "blocks": [
    {
      "type": "header",
      "text": {"type": "plain_text", "text": "ServiceNow Incident Notification", "emoji": true}
    },
    {
      "type": "section",
      "fields": [
        {"type": "mrkdwn", "text": "*Incident ID:*n{{ $('Get Incidents from ServiceNow').item.json.number }}"},
        {"type": "mrkdwn", "text": "*Description:*n{{ $('Get Incidents from ServiceNow').item.json.short_description }}"},
        {"type": "mrkdwn", "text": "*Severity:*n{{ $('Get Incidents from ServiceNow').item.json.severity }}"},
        {"type": "mrkdwn", "text": "*Caller:*n{{ $('Get Incidents from ServiceNow').item.json.caller_id.display_value }}"},
        {"type": "mrkdwn", "text": "*Priority:*n{{ $('Get Incidents from ServiceNow').item.json.priority }}"},
        {"type": "mrkdwn", "text": "*State:*n{{ $('Get Incidents from ServiceNow').item.json.incident_state }}"},
        {"type": "mrkdwn", "text": "*Category:*n{{ $('Get Incidents from ServiceNow').item.json.category }}"},
        {"type": "mrkdwn", "text": "*Date Opened:*n{{ $('Get Incidents from ServiceNow').item.json.opened_at }}"}
      ]
    },
    {
      "type": "actions",
      "elements": [{"type": "button", "text": {"type": "plain_text", "text": "View Incident", "emoji": true}, "url": "https://dev206761.service-now.com/nav_to.do?uri=incident.do?sys_id={{ $('Get Incidents from ServiceNow').item.json.sys_id }}", "action_id": "view_incident"}]
    }
  ]
}

Common mistake: incorrect Slack channel or missing permissions for the bot.

Step 7: Handle No New Incidents Case

Use a No Operation (NoOp) node to gracefully end the workflow if no new incidents are found.

This prevents unnecessary Slack messages or errors.

Step 8: Post Error Message to Slack on ServiceNow Connection Issues

Add a fallback Slack node that triggers only if the ServiceNow node fails (configured with “continue on error” on ServiceNow node). It sends an error alert message to your team channel alerting connection issues.

This proactive notification helps you react quickly to integration outages.

Common mistake: not setting the ServiceNow node to continue on error, which can stop the whole workflow.

Customizations ✏️

  • Change Notification Frequency: Modify the Schedule Trigger node’s interval to check every 1, 10, or 15 minutes if your team’s incident volume varies.
  • Additional Incident Details: Edit the Slack Block JSON payload to include more fields like “Assignment Group” or “Resolution Notes” if those are useful for your team.
  • Notify Multiple Channels: Duplicate the Slack node and configure another channel to notify different teams, such as a high-priority alert channel or a management channel.
  • Filter by Priority or Severity: Add an extra If node after fetching incidents to only pass through critical or high-priority incidents for alerting.

Troubleshooting 🔧

Problem: “No incidents found” even though there are recent incidents

Cause: Incorrect timestamp or query format in the ServiceNow node.

Solution: Check the Date & Time node output field queryDate and ensure the query is: sys_created_on>={{$json.queryDate}}. Also, confirm time zones are matching.

Problem: Slack messages not appearing in channel

Cause: Slack bot token missing permissions or channel ID incorrect.

Solution: Verify Slack bot permissions include chat:write and that the channel ID matches where the bot is invited.

Problem: Workflow stops on ServiceNow errors

Cause: ServiceNow node not configured to continue on error.

Solution: Enable “Continue On Fail” in the ServiceNow node to route errors to the error message Slack node instead of stopping the workflow.

Pre-Production Checklist ✅

  • Verify you have proper ServiceNow API credentials and Slack Bot API tokens set up in n8n credentials.
  • Test the Date & Time node outputs a valid UTC timestamp 5 minutes ago.
  • Manually trigger the workflow using the Manual Trigger node to ensure incidents fetch and Slack messages post correctly.
  • Validate Slack message formatting and link buttons.
  • Test error path by temporarily invalidating ServiceNow credentials to confirm Slack error notifications.

Deployment Guide

Once tested, activate the Schedule Trigger node to run the workflow every 5 minutes automatically.

Monitor the workflow run logs in n8n for any errors or connection failures.

If deploying in production environments, set up monitoring and alerting on n8n instance health and node execution status to ensure uptime.

FAQs

Q: Can I use OAuth instead of Basic Auth for ServiceNow?
A: Yes, n8n supports various authentication methods. You can configure OAuth credentials in the ServiceNow node for added security.

Q: Does posting to Slack consume API credits?
A: Slack API usage is generally free at a generous tier, but heavy usage might hit rate limits — monitor accordingly.

Q: Is my incident data safe in this workflow?
A: All data is transmitted securely via API credentials within n8n. Ensure your n8n instance is secured, especially if self-hosted.

Q: Can this workflow handle high volumes of incidents?
A: The workflow’s design is scalable but you may need to adjust the schedule interval and Slack message limits based on volume.

Conclusion

By following this guide, you’ve built an automated incident monitoring workflow that checks for new ServiceNow incidents every 5 minutes and posts detailed alerts to Slack. This allows IT teams like Lisa’s to respond quickly to incidents, eliminating manual monitoring and reducing reaction times.

Overall, you save roughly 10 minutes per hour in manual work, dramatically lower human error chances, and improve communication flow for faster incident resolution.

Next, consider expanding this workflow to automate ticket updates, integrate with other messaging tools, or add escalation rules based on incident severity — all easily achievable with n8n’s versatile nodes. Happy automating!

Learn by Category

Sales →
Productivity →
Social →
Finance →
Marketing →
Content→
Recruitment →
Security →
SEO →
CRM →
Development →
Ecommerce →

Related Workflows

Automate Viral UGC Video Creation Using n8n + Degaus (Beginner-Friendly Guide)

Learn how to automate viral UGC video creation using n8n, AI prompts, and Degaus. This beginner-friendly guide shows how to import, configure, and run the workflow without technical complexity.
Form Trigger
Google Sheets
Gmail
+37
Free

AI SEO Blog Writer Automation in n8n (Beginner Guide)

A complete beginner guide to building an AI-powered SEO blog writer automation using n8n.
AI Agent
Google Sheets
httpRequest
+5
Free

Automate CrowdStrike Alerts with VirusTotal, Jira & Slack

This workflow automates processing of CrowdStrike detections by enriching threat data via VirusTotal, creating Jira tickets for incident tracking, and notifying teams on Slack for quick response. Save hours daily by transforming complex threat data into actionable alerts effortlessly.
scheduleTrigger
httpRequest
jira
+5
Free

Automate Telegram Invoices to Notion with AI Summaries & Reports

Save hours on financial tracking by automating invoice extraction from Telegram photos to Notion using Google Gemini AI. This workflow extracts data, records transactions, and generates detailed spending reports with charts sent on schedule via Telegram.
lmChatGoogleGemini
telegramTrigger
notion
+9
Free

Automate Email Replies with n8n and AI-Powered Summarization

Save hours managing your inbox with this n8n workflow that uses IMAP email triggers, AI summarization, and vector search to draft concise replies requiring minimal review. Automate business email processing efficiently with AI guidance and Gmail integration.
emailReadImap
vectorStoreQdrant
emailSend
+12
Free

Automate Email Campaigns Using n8n with Gmail & Google Sheets

This n8n workflow automates personalized email outreach campaigns by integrating Gmail and Google Sheets, saving hours of manual follow-up work and reducing errors in email sequences. It ensures timely follow-ups based on previous email interactions, optimizing communication efficiency.
googleSheets
gmail
code
+5
Free
Load More