Hope everyone is having a good time.
We know that it’s winter, so we have come up with a warm blog post for you. This post walks you through integrating a ServiceNow account with Splunk.
ServiceNow is a platform that offers IT Service Management (ITSM) as a cloud-based solution.
We are using a ServiceNow Dev Instance (New York) to show this integration.
Step 1: Download and Install the Splunk Add-on for ServiceNow.
>> Go to https://splunkbase.splunk.com/app/1928/ and, using your Splunk credentials, download this add-on.
>> Navigate to Manage Apps on the Splunk instance where you want to install this add-on and select the option Install app from file.
>> Restart Splunk for the installation to complete.
>> Now you can find the add-on you just installed in the Apps section of Splunk.
Step 2: Configure the Add-on
>> Click on the add-on to open its interface.
>> Select Configuration
>> Click on the Add button on the right-hand side.
You will get a pop-up form with the following fields:
Account Name : Give a suitable account name for your connection.
URL : This will be the URL of your ServiceNow Instance.
Username : The username to access the ServiceNow Instance.
Password : The password for this username.
>> Click on Update
Step 3 (If applicable) : Set up the proxy configuration.
Step 4 (Optional) : If you want to change the logging level for this add-on, select the Logging option and set it as required; by default it’s set to INFO.
Step 5 : Select the Inputs option.
>> Click on Create New Input
Input name : Provide a suitable name for your input.
Account : Select the ServiceNow account (the account you created earlier).
Collection interval : Set the frequency at which the add-on communicates with ServiceNow.
Table to collect data from : Select the ServiceNow database table from which you want to bring data into Splunk.
NOTE: We have taken the incident table here to show you as an example.
Excluded properties (Optional) : Mention the properties you don’t want to fetch from the database table.
Time field of the table : Mention the time column name in your database table, defaults to sys_updated_on.
Start date : Specify the timestamp from which you want to fetch entries from the ServiceNow DB table. It should be in ‘YYYY-MM-DD hh:mm:ss’ (UTC) format and defaults to 1 year ago.
ID field : Select the Primary key for your table.
Filter Parameters (Optional) : Mention the specific key-value pairs, in a comma-separated format, that you want to index to Splunk.
Index : Select the index where you want to store this data.
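A pre-flight check for the values entered in Step 2 and Step 5, as an added example that is not part of the add-on or the original post. The function names and sample values are constructed, and the https and no-credentials-in-URL rules are this example's own assumptions about what a safe configuration looks like.

```python
# Added example, not the add-on's code. Function names and sample values are
# constructed; the https and no-credentials-in-URL rules are this example's checks.
from datetime import datetime, timezone
from urllib.parse import urlsplit

START_FMT = "%Y-%m-%d %H:%M:%S"  # the form's 'YYYY-MM-DD hh:mm:ss', read as UTC


def check_account(url, username, password):
    """Return a list of problems with the Step 2 account form values."""
    problems = []
    parts = urlsplit(url)
    if parts.scheme != "https":
        problems.append("URL must use https")
    if not parts.hostname:
        problems.append("URL has no host name")
    if parts.username or parts.password:
        problems.append("URL must not embed credentials")
    if not username or not password:
        problems.append("Username and Password are both required")
    return problems


def check_input(interval, start_date="", time_field="sys_updated_on", now=None):
    """Return a list of problems with the Step 5 input form values."""
    problems = []
    now = now or datetime.now(timezone.utc)
    if not str(interval).isdecimal() or int(interval) <= 0:
        problems.append("Collection interval must be a positive whole number")
    if not time_field.strip():
        problems.append("Time field of the table is empty")
    if start_date:  # blank keeps the default of 1 year ago
        try:
            start = datetime.strptime(start_date, START_FMT)
            if start.replace(tzinfo=timezone.utc) > now:
                problems.append("Start date is in the future (UTC)")
        except ValueError:
            problems.append("Start date is not 'YYYY-MM-DD hh:mm:ss'")
    return problems


if __name__ == "__main__":
    # Constructed sample values; the host is a placeholder instance name.
    print(check_account("http://dev00000.service-now.com", "splunk_svc", "s3cret"))
    print(check_input("60", "2020-01-15T00:00:00"))
```

An empty list from both functions means the values are ready to type into the forms.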
Step 6 : Create an Incident in ServiceNow.
Step 7 : Query the index (main, in our case) to verify the integration.
This is how we integrate ServiceNow (SNOW) with Splunk. We hope you now know the step-by-step process of integrating ServiceNow with Splunk.
Happy Splunking !!