All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Splunk Add-on for ServiceNow: Splunk is not pulling Change Management data from ServiceNow

srikanth1213
Path Finder
‎09-09-2016 12:53 PM

Hi Splunksters,

We have this issue in our environment where Splunk is pulling correct Incident Data from ServiceNow, however it is unable to pull the Change ticket data from ServiceNow. It has stopped pulling data since 25 Aug 2016 when there was an issue from ServiceNow; that issue was fixed on 30 Aug 2016.

When I looked into ta_snow.log the only query it is trying to pull is below. I did try to refresh the connection between Splunk and ServiceNow but no luck. Is there something I am missing here? Kindly let me know.

2016-09-09 14:55:15,226 INFO 9200 - end https://itsm.dtcc.com/change_request.do?JSONv2&sysparm_query=sys_updated_on>=2017-03-09+15:17:49^ORD...

Regards
Srikanth.D

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

srikanth1213
Path Finder
‎09-23-2016 07:27 AM

Jus thought of posting the fix.
To fix the issue we had to edit "change_request.sys_updated_on" in the location "E:\Program Files\Splunk\var\lib\splunk\modinputs"and change the date to the one from which we were missing the Change date i.e from 08/25/2016, as it was holding the future date i.e 2017-09-03, files were not getting indexed.
The issue was caused when SNOW team had installed a plugin that generated bogus Change tickets with future time stamps.

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

srikanth1213
Path Finder
‎09-23-2016 07:27 AM

Jus thought of posting the fix.
To fix the issue we had to edit "change_request.sys_updated_on" in the location "E:\Program Files\Splunk\var\lib\splunk\modinputs"and change the date to the one from which we were missing the Change date i.e from 08/25/2016, as it was holding the future date i.e 2017-09-03, files were not getting indexed.
The issue was caused when SNOW team had installed a plugin that generated bogus Change tickets with future time stamps.

0 Karma
Reply
Get Updates on the Splunk Community!

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

ICYMI - Check out the latest releases of Splunk Edge Processor

Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.  HEC Receiver authorization ...

Introducing the 2024 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...