How to add description and caller name fields in the ServiceNow incident integration for Splunk Add-on for ServiceNow?

vigneshmadesh
Explorer

In Splunk Add-on for ServiceNow, we have ServiceNow incident integration alerts to create incidents.
In addition to the fields provided for adding incidents, like "co-relation id" and "Assignment group", can we add more fields to the same, like Description and Caller id?

chrisyounger
SplunkTrust

Hopefully Splunk will add this functionality soon. In the meantime I have created some documentation on how to do this process here: https://answers.splunk.com/answers/736869/servicenow-how-do-set-extra-custom-fields-when-cre.html

0 Karma

AniPrag
Engager

@ChrisBell04 did you get any answer or solution for this request? I am facing the same.

0 Karma

ChrisBell04
Communicator

Nope.

Enhancement requests have been logged for Splunk development. Feel free to create your own support requests and reference those two tickets, so it shows other customers want these features sooner rather than later.

0 Karma

ChrisBell04
Communicator

Enhancement request ADDON-17893 has been filed to add the Description field to incident creation.

0 Karma

todd_miller
Communicator

There is a lot of data that we would like to update via the SNOW integration with Splunk as we create tickets. As it stands, they're quite sparse. We would love to be able to add additional information to minimize the amount of work that a human has to put into the ticket.

The value of the integration is lacking as it stands.

ehaddad_splunk
Splunk Employee

We ingest what the ServiceNow REST endpoint exposes. This is the call we make:
https://.service-now.com/.do?JSONv2&sysparm_query=sys_created_on>=2016-01-01+00:00:00^ORDERBYsys_created_on&sysparm_record_count=50 mysinstance.service-now.com
At the end, we are limited to what SNOW exposes. Check with your admin if there is a way to add more fields.

0 Karma

shashankrainanc
New Member

@chrisbell04
We want to raise SNOW incidents from Splunk ES. We want to send the urgency and severity fields to SNOW, but the alert action doesn't have these fields, and it sends these values as default to SNOW. Is there any way to make other fields visible? We are using the 2.9.1 version of the Snow Add On, and upgrading to 3.1 within the next 2 weeks.

0 Karma

vigneshmadesh
Explorer

Hi ehadded,

https://.service-now.com/.do?JSONv2&sysparm_query=sys_created_on>=2016-01-01+00:00:00^ORDERBYsys_created_on&sysparm_record_count=50 mysinstance.service-now.com

The URLs above are not opening.

Thanks and Regards,
Vignesh

0 Karma

ChrisBell04
Communicator

@ehaddad [Splunk]
That .do?JSONv2 REST endpoint is very old (CALGARY & DUBLIN releases per \Splunk_TA_snow\bin\snow_ticket.py). Any of the modern REST endpoints use the Table API (api/now/table/). That all being said, caller_id is a standard field which has been around for years and should be supported by this add-on.

I'd really rather not have to hack the various Python scripts to get this feature supported...

0 Karma

ChrisBell04
Communicator

caller_id aka Requester has been logged as enhancement request SNOWAPP200.

0 Karma