Hi Team,
I am trying to create a ticket with the SNOWINCIDENTSTREAM command, but it is giving me an error stating "Failed to create ticket".
What could be the possible reason for the same?
So does your base search have all the required arguments for a ServiceNow ticket?
Please post the search query.
Example:
sourcetype="CPURates" earliest=-5m latest=now
| stats avg(CPU) as CPU last(_time) as time by host
| where CPU>=95 | eval contact_type="email"
| eval ci_identifier=host | eval priority="1"
| eval category="Software" | eval subcategory="database"
| eval short_description="CPU on ". host ." is at ". CPU
| snowincidentstream
For incidents, the required arguments are category, short_description, and contact_type. For events, the required arguments are node, resource, type, and severity.
http://docs.splunk.com/Documentation/AddOns/released/ServiceNow/Usestreamingcommands
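As an added illustration (not part of either post above), here is the same CPU search with a guard inserted before snowincidentstream so that any result row missing one of the three required incident fields (category, short_description, contact_type) is dropped instead of reaching the command. The sourcetype, field names and thresholds are the ones from the answer's example; the field check itself is assumed here and is not a feature of the command.

```spl
sourcetype="CPURates" earliest=-5m latest=now
| stats avg(CPU) as CPU last(_time) as time by host
| where CPU>=95
| eval contact_type="email", category="Software", subcategory="database", priority="1"
| eval ci_identifier=host
| eval short_description="CPU on ".host." is at ".round(CPU,1)
| where isnotnull(category) AND category!="" AND isnotnull(short_description) AND short_description!="" AND isnotnull(contact_type) AND contact_type!=""
| snowincidentstream
```

Run the search without the final `| snowincidentstream` first and confirm that every row still carries non-empty category, short_description and contact_type values; a row that disappears at the guard is one that would otherwise have produced "Failed to create ticket". The same pattern applies to event creation, where the guard should cover node, resource, type and severity instead.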