Sending Splunk Alert to SNOW and automatically cr...

spl_unker · ‎09-07-2020

Hello Splunkers ,

I want to like to integrate Splunk and ServiceNow and send the triggered alerts to SNOW as an incident. I know there is an app in Splunkbase to integrate with SNOW. But i dont find the steps on how to configure to send the alerts as an incident in SNOW.

Can someone help me with the high level steps?

Thanks in Advance

thambisetty · ‎09-08-2020

Latest version of splunk add-on for servicenow is 6.0.3

okay, follow below steps:

configure your servicenow instance with app recommended in add-on doc.
once servicenow instance is configured, you will get URL and credentials.
install TA on search head
Configure URL and credentials in TA.
create a search and save it as alert.
add alert action incident create from servicenow
fill details

if you found this useful, up vote.

————————————
If this helps, give a like below.

thambisetty · ‎09-07-2020

do you have enterprise security in place ?

which version of Splunk add-on for service now are you using?

————————————
If this helps, give a like below.

spl_unker · ‎09-07-2020

No , I have a Non-ES Splunk. Im yet to install the SNOW add-on . Just exploring the steps before installing the SNOW. However i will be using the latest version 4.0.3.

Sending Splunk Alert to SNOW and automatically create an incident ticket

alert action

Index This | I’m short for "configuration file.” What am I?

New Articles from Academic Learning Partners, Help Expand Lantern’s Use Case Library, ...

Your Guide to SPL2 at .conf24!