Hi guys!!
Hope everyone is having a good time.
We know that it’s winter, so we have come up with a warm blog post for you. This post walks you through integrating a ServiceNow account with Splunk.
ServiceNow is a platform that offers IT Service Management (ITSM) as a cloud-based solution.
We are using a ServiceNow Dev Instance (New York) to show this integration.
Step 1: Download and Install the Splunk Add-on for ServiceNow.
>> Go to https://splunkbase.splunk.com/app/1928/ and download the add-on using your Splunk credentials.
>> Navigate to Manage Apps on the Splunk instance where you want to install this add-on and select the option Install app from file.
>> Restart Splunk for the installation to complete.
>> Now you can find the add-on you just installed in the Apps section of Splunk.
![](https://i0.wp.com/splunkonbigdata.com/wp-content/uploads/2020/02/image1-1.png?fit=840%2C383&ssl=1)
Step 2: Configure the Add-on
>> Click on the add-on to open its interface.
![](https://i2.wp.com/splunkonbigdata.com/wp-content/uploads/2020/02/image2-2.png?fit=840%2C310&ssl=1)
>> Select Configuration
>> Click on the Add button on the right hand side.
You will get a pop-up form as shown below:
![](https://i2.wp.com/splunkonbigdata.com/wp-content/uploads/2020/02/image3.png?fit=840%2C368&ssl=1)
Account Name: Give a suitable account name for your connection.
URL : This will be the URL of your ServiceNow Instance.
Username : The username to access the ServiceNow Instance.
Password: The Password for this username.
![](https://i1.wp.com/splunkonbigdata.com/wp-content/uploads/2020/02/1234.png?resize=604%2C208&ssl=1)
>> Click on Update
Step 3 (If applicable) : Set up the proxy configuration.
Step 4 (Optional) : To change the logging level for this add-on, select the Logging option and set it as required. By default it is set to INFO.
Step 5 : Select the Inputs option.
>> Click on Create New Input
Input name : Provide a suitable name for your input.
Account : Select the ServiceNow account (the account you created earlier).
Collection interval : Set the frequency at which the add-on communicates with ServiceNow.
Table to collect data from : Select the ServiceNow database table from which you want to bring data into Splunk.
NOTE: We use the incident table here as an example.
Excluded properties (Optional) : List the properties you don’t want to fetch from the database table.
Time field of the table : Enter the name of the time column in your database table. Defaults to sys_updated_on.
Start date : Enter the timestamp from which you want to fetch entries from the ServiceNow DB table. It should be in ‘YYYY-MM-DD hh:mm:ss’ (UTC) format and defaults to 1 year ago.
ID field : Select the primary key for your table.
Filter Parameters (Optional) : List, in comma-separated format, the specific key-value pairs that you want to index in Splunk.
Index : Select the index where you want to store this data.
![](https://i2.wp.com/splunkonbigdata.com/wp-content/uploads/2020/02/image6.png?fit=840%2C363&ssl=1)
![](https://i2.wp.com/splunkonbigdata.com/wp-content/uploads/2020/02/image8.png?fit=840%2C354&ssl=1)
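A pre-flight check for the values entered in Step 2 and Step 5, as an added example that is not part of the original post or the add-on's own code. The function name `check_input`, the use of `sys_id` as the ID field, and the rule that the time and ID fields must not appear under Excluded properties are assumptions made for this illustration.

```python
from datetime import datetime, timezone
from urllib.parse import urlsplit

START_FMT = "%Y-%m-%d %H:%M:%S"  # 'YYYY-MM-DD hh:mm:ss', read as UTC

def check_input(url, start_date, time_field="sys_updated_on",
                id_field="sys_id", excluded="", now=None):
    """Return a list of problems found in the account and input form values."""
    problems = []
    now = now or datetime.now(timezone.utc)

    # The account URL receives the username and password, so require HTTPS.
    parts = urlsplit(url.strip())
    if parts.scheme != "https" or not parts.hostname:
        problems.append("URL must be an https:// address with a host name")
    if parts.username or parts.password:
        problems.append("do not embed credentials in the URL")

    # Start date must match the documented format and must not lie ahead.
    try:
        start = datetime.strptime(start_date, START_FMT)
        if start.strftime(START_FMT) != start_date:  # reject unpadded forms
            raise ValueError(start_date)
        if start.replace(tzinfo=timezone.utc) > now:
            problems.append("start date is in the future (value is read as UTC)")
    except ValueError:
        problems.append("start date must be 'YYYY-MM-DD hh:mm:ss' in UTC")

    # Assumption: the time and ID fields have to stay in the fetched record.
    dropped = {p.strip() for p in excluded.split(",") if p.strip()}
    for needed in (time_field, id_field):
        if needed in dropped:
            problems.append(f"'{needed}' is excluded but is needed by the input")
    return problems

if __name__ == "__main__":
    # Constructed sample values; the host name is a placeholder.
    for msg in check_input("http://dev00000.service-now.com",
                           "2020-2-1 0:0:0", excluded="sys_updated_on"):
        print("WARN:", msg)
```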
Step 6 : Create an Incident in ServiceNow.
![](https://i1.wp.com/splunkonbigdata.com/wp-content/uploads/2020/02/image9.png?fit=840%2C263&ssl=1)
Step 7 : Query the Index (main, in our case) to verify the Integration.
![](https://i2.wp.com/splunkonbigdata.com/wp-content/uploads/2020/02/image10.png?fit=840%2C383&ssl=1)
This is how we integrate ServiceNow (SNOW) with Splunk. We hope this gave you a clear step-by-step process for integrating ServiceNow with Splunk.
Happy Splunking !!