We are looking to send all the triggered alerts from Splunk to ServiceNow and from there, our ServiceNow team will create incidents, instead create them automatically? Is this a possible scenario?
Can someone help us?
Have you considered the Splunk App for ServiceNow? Installing and configuring is pretty well documented.
Alternatively, if your SNow environment is configured so... you can just have Splunk raise an incident by sending an email to a SNow monitored mailbox using an alert action.
Try this, and let us know if you have any issues
Is there any alternate way to create a SNOW incident without using the Splunk add-on for SNOW? Our SNOW team has exposed a few REST APIs for creating incidents, but I am struggling to make use of them in Splunk to create an incident as an action for an alert.
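Added example (not part of the thread and not Splunk or ServiceNow code): a sketch of a Splunk custom alert action script that maps the JSON payload Splunk passes on stdin to a POST against an incident REST endpoint. The endpoint URL, the `url` action parameter, the body field names, Basic authentication and the `SNOW_USER` / `SNOW_SECRET` environment variables are all assumptions; replace them with whatever your ServiceNow team's API requires.

```python
import base64
import json
import os
import sys
import urllib.request

MAX_LEN = 160  # cap event-derived text copied into the ticket

# Constructed sample of the JSON Splunk writes to a custom alert action's stdin.
SAMPLE_PAYLOAD = {
    "search_name": "Failed logins", "sid": "scheduler__admin__search__1",
    "results_link": "https://splunk.example.invalid/app/search/@go?sid=1",
    "configuration": {"url": "https://snow.example.invalid/api/incident"},
    "result": {"host": "web01"},
}

def build_incident_request(payload, user, secret):
    """Map the alert payload to a POST request; nothing is sent here."""
    url = payload["configuration"]["url"]  # assumed action parameter name
    if not url.lower().startswith("https://"):
        raise ValueError("refusing to send credentials over a non-HTTPS URL")
    result = payload.get("result") or {}
    body = {  # field names are assumptions; use what your API expects
        "short_description": ("Splunk alert: " + str(payload.get("search_name")))[:MAX_LEN],
        "description": json.dumps({
            "sid": payload.get("sid"),
            "results_link": payload.get("results_link"),
            "host": str(result.get("host", ""))[:MAX_LEN],
        }),
    }
    auth = base64.b64encode(f"{user}:{secret}".encode()).decode()
    return urllib.request.Request(
        url, data=json.dumps(body).encode(), method="POST",
        headers={"Content-Type": "application/json", "Authorization": "Basic " + auth})

def main():
    # Splunk runs the script with --execute and the payload on stdin.
    if len(sys.argv) < 2 or sys.argv[1] != "--execute":
        sys.exit("expected --execute")
    req = build_incident_request(json.load(sys.stdin),
                                 os.environ["SNOW_USER"], os.environ["SNOW_SECRET"])
    with urllib.request.urlopen(req, timeout=15) as resp:  # TLS verification stays on
        if resp.status not in (200, 201):
            sys.exit(f"incident API returned {resp.status}")

if __name__ == "__main__":
    main()
```

Use a ServiceNow account that can only create incidents, and keep its secret out of the saved search and the script file.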