All Apps and Add-ons
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Solved! Jump to solution

Splunk Add-on for ServiceNow: Splunk is not pulling Change Management data from ServiceNow

srikanth1213
Path Finder
‎09-09-2016 12:53 PM

Hi Splunksters,

We have this issue in our environment where Splunk is pulling correct Incident Data from ServiceNow, however it is unable to pull the Change ticket data from ServiceNow. It has stopped pulling data since 25 Aug 2016 when there was an issue from ServiceNow; that issue was fixed on 30 Aug 2016.

When I looked into ta_snow.log the only query it is trying to pull is below. I did try to refresh the connection between Splunk and ServiceNow but no luck. Is there something I am missing here? Kindly let me know.

2016-09-09 14:55:15,226 INFO 9200 - end https://itsm.dtcc.com/change_request.do?JSONv2&sysparm_query=sys_updated_on>=2017-03-09+15:17:49^ORD...

Regards
Srikanth.D

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

srikanth1213
Path Finder
‎09-23-2016 07:27 AM

Jus thought of posting the fix.
To fix the issue we had to edit "change_request.sys_updated_on" in the location "E:\Program Files\Splunk\var\lib\splunk\modinputs"and change the date to the one from which we were missing the Change date i.e from 08/25/2016, as it was holding the future date i.e 2017-09-03, files were not getting indexed.
The issue was caused when SNOW team had installed a plugin that generated bogus Change tickets with future time stamps.

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

srikanth1213
Path Finder
‎09-23-2016 07:27 AM

Jus thought of posting the fix.
To fix the issue we had to edit "change_request.sys_updated_on" in the location "E:\Program Files\Splunk\var\lib\splunk\modinputs"and change the date to the one from which we were missing the Change date i.e from 08/25/2016, as it was holding the future date i.e 2017-09-03, files were not getting indexed.
The issue was caused when SNOW team had installed a plugin that generated bogus Change tickets with future time stamps.

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Monitoring AI Agents with Splunk Observability Cloud

Let’s say I’m running a travel planning AI app in production. A user asks for three concise hotel options in ...

[Puzzles] Solve, Learn, Repeat: Tiling

This puzzle (first published here) is based on finding groups of tessellated tiles (inspired by floor tiles I ...

SOK it to Me: Top 3 Benefits of Using Splunk Operator on Kubernetes that’ll Make ...

    Thursday, July 9, 2026  |  11:00AM–12:00PM PDT Duration: 1 hour (includes Q&A) Managing can feel like a ...