All Apps and Add-ons

How to push Splunk alerts into Service now

gajananh999
Contributor

Hello Everyone,

We have some set some splunk alert and we want to push these alert into the Service Now i have gone through couple google links on splunk forum [http://answers.splunk.com/answers/47086/service-now-ticket-generation-via-splunk-alerts] there are two way to do this.

1) when get the alert run script and create a ticket in service now

2) get that alert as a email and then create a ticket in service now.

Is there any other way where we can directly create a ticket in service now using any application or any other way?

Thanks

Gajanan Hiroji

0 Karma

rsennett_splunk
Splunk Employee
Splunk Employee

It sounds like you're talking about the older version of the app.

You might want to check the current Splunk App for ServiceNow

http://apps.splunk.com/app/1770/

This is a certified integration between Splunk and ServiceNow

This version is certified for the following ServiceNow releases: Eureka, Dublin and Calgary
The application includes the "Update Sets" certified by ServiceNow
Incidents are written to a temporary staging table prior to incident creation
Scripted inputs support change, incident, problem, CMDB and event integration
Cross-Launch functionality now supports linking to ServiceNow Knowledge Base articles

With Splunk... the answer is always "YES!". It just might require more regex than you're prepared for!
0 Karma

BP9906
Builder

Well the Splunk App for ServiceNow is doing a json call to open an Incident. Why cant you do the same thing in your other application?

0 Karma

gajananh999
Contributor

Can anybody help me on this?

0 Karma
.conf21 CFS Extended through 5/20!

Don't miss your chance
to share your Splunk
wisdom in-person or
virtually at .conf21!

Call for Speakers has
been extended through
Thursday, 5/20!