I am able to run "sendalert snowincident" manually from the search bar of Splunk, and this results in the creation of Incidents in ServiceNow. We have a need to be able to do this from the Alert Manager, and I would like to be able to use the External Workflow Actions to do it.
Simply by installing the TA for SNOW, there are two actions that become available in the External Workflow Actions of the Alert Manager, "snowincident" and "snow_event", however, when I attempt to invoke the actions from the Incident Posture dashboard, I get no results.
I do not think Splunk is even attempting to run the action because there is nothing logged in Splunk internally that reflects success or failure, and there are no errors in the transform error logs in ServiceNow.
Has anyone been able to generate Incidents in ServiceNow by using the External Workflow actions of the Alert Manager?