topic Multiple incident creation on servicenow through splunk in Splunk Enterprise Security https://community.splunk.com/t5/Splunk-Enterprise-Security/Multiple-incident-creation-on-servicenow-through-splunk/m-p/534350#M9598 <DIV><DIV>Hi All,&nbsp;<a href="https://community.splunk.com/t5/user/viewprofilepage/user-id/136781">@renjith_nair</a></DIV><DIV><DIV>&nbsp;</DIV><DIV><DIV>I'm working on a requirement to create a Splunk Alert which triggers/Creates the Incident in Service Now portal.<BR />I want the alert to create multiple incidents for each result.<BR />My Findings : The alert creates Single Incident with multiple events for each result in ServiceNow.<BR />Requirement : Alert should be able to create Incident for each result in ServiceNow.</DIV><DIV>How can this be achieved?</DIV></DIV></DIV></DIV> Tue, 29 Dec 2020 13:14:35 GMT yashaswinig2210 2020-12-29T13:14:35Z Multiple incident creation on servicenow through splunk https://community.splunk.com/t5/Splunk-Enterprise-Security/Multiple-incident-creation-on-servicenow-through-splunk/m-p/534350#M9598 <DIV><DIV>Hi All,&nbsp;<a href="https://community.splunk.com/t5/user/viewprofilepage/user-id/136781">@renjith_nair</a></DIV><DIV><DIV>&nbsp;</DIV><DIV><DIV>I'm working on a requirement to create a Splunk Alert which triggers/Creates the Incident in Service Now portal.<BR />I want the alert to create multiple incidents for each result.<BR />My Findings : The alert creates Single Incident with multiple events for each result in ServiceNow.<BR />Requirement : Alert should be able to create Incident for each result in ServiceNow.</DIV><DIV>How can this be achieved?</DIV></DIV></DIV></DIV> Tue, 29 Dec 2020 13:14:35 GMT https://community.splunk.com/t5/Splunk-Enterprise-Security/Multiple-incident-creation-on-servicenow-through-splunk/m-p/534350#M9598 yashaswinig2210 2020-12-29T13:14:35Z Re: Multiple incident creation on servicenow through splunk https://community.splunk.com/t5/Splunk-Enterprise-Security/Multiple-incident-creation-on-servicenow-through-splunk/m-p/535059#M9607 <P>After creating the correlation search and alert action to be service now incident,</P><P>goto setting-&gt; search,reports and alerts, find you search. Click on it, scroll down and change the trigger to each result from once and it should create one incident per row of your result</P> Thu, 07 Jan 2021 15:10:14 GMT https://community.splunk.com/t5/Splunk-Enterprise-Security/Multiple-incident-creation-on-servicenow-through-splunk/m-p/535059#M9607 rajashekar_s 2021-01-07T15:10:14Z