- Apps and Add-ons
- :
- All Apps and Add-ons
- :
- Splunk Add-on for ServiceNow:about the table to ge...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello,I will post for the first time.
Please tell me about the table to get from ServiceNow using addon.
I want to import "sys_update_xml" via Addon,what should I do?
"sys_update_xml"is not listed by default in inputs.conf.
By the way,the following 3tables I want to import.
sysevent
sys_audit_delete
sys_update_xml
The following content will be placed in the pass.
Do I have to get [snow]?
pass: $SPLUNK_HOME/etc/apps/Splunk_TA_snow/local
file: inputs.conf
[snow]
index = main
timefield = sys_updated_on
disabled = false
interval = 60
start_by_shell = false
id_field = sys_id
[snow://sysevent]
disabled = false
timefield = sys_created_on
table = sysevent
duration = 60
account =
since_when =2000-01-01 00:00:00
[snow://sys_audit_delete]
disabled = false
timefield = sys_updated_on
table = sys_audit_delete
duration = 60
account =
since_when = 2000-01-01 00:00:00
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
You can either add your own entry into the inputs.conf file for each table you want to retrieve, or simply add it under the 'Inputs' tab of the app within Splunk.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
You can either add your own entry into the inputs.conf file for each table you want to retrieve, or simply add it under the 'Inputs' tab of the app within Splunk.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thank you for your answer!
Sorry...I don't understand how to entry into the inputs.conf file for "sys_update_xml".
Because the default inputs.conf file has no "sys_update_xml" stanza.
Pass:$SPLUNK_HOME/etc/apps/Splunk_TA_snow/local
↓ default inputs.conf file
[snow]
index = main
timefield = sys_updated_on
exclude =
disabled = true
interval = 60
start_by_shell = false
id_field = sys_id
filter_data =
python.version = python3
[snow://incident]
exclude = description
table = incident
duration = 60
[snow://problem]
exclude = description
table = problem
duration = 60
[snow://em_event]
timefield = time_of_event
table = em_event
duration = 60
[snow://sys_user_group]
since_when = 2000-01-01 00:00:00
table = sys_user_group
duration = 60
[snow://sys_user]
since_when = 2000-01-01 00:00:00
table = sys_user
duration = 60
[snow://change_task]
table = change_task
duration = 60
[snow://change_request]
table = change_request
duration = 60
[snow://cmn_location]
since_when = 2000-01-01 00:00:00
table = cmn_location
duration = 60
[snow://cmdb]
since_when = 2000-01-01 00:00:00
table = cmdb
duration = 60
[snow://cmdb_ci]
since_when = 2000-01-01 00:00:00
table = cmdb_ci
duration = 60
[snow://cmdb_ci_server]
since_when = 2000-01-01 00:00:00
table = cmdb_ci_server
duration = 60
[snow://cmdb_ci_vm]
since_when = 2000-01-01 00:00:00
table = cmdb_ci_vm
duration = 60
[snow://cmdb_ci_infra_service]
since_when = 2000-01-01 00:00:00
table = cmdb_ci_infra_service
duration = 60
[snow://cmdb_ci_db_instance]
since_when = 2000-01-01 00:00:00
table = cmdb_ci_db_instance
duration = 60
[snow://cmdb_ci_app_server]
since_when = 2000-01-01 00:00:00
table = cmdb_ci_app_server
duration = 60
[snow://cmdb_ci_service]
since_when = 2000-01-01 00:00:00
table = cmdb_ci_service
duration = 60
[snow://cmdb_rel_ci]
since_when = 2000-01-01 00:00:00
table = cmdb_rel_ci
duration = 60
[snow://sys_choice]
since_when = 2000-01-01 00:00:00
table = sys_choice
duration = 60
[snow://sysevent]
timefield = sys_created_on
table = sysevent
duration = 60
[snow://syslog]
timefield = sys_created_on
table = syslog
duration = 60
[snow://syslog_transaction]
timefield = sys_created_on
table = syslog_transaction
duration = 60
[snow://sys_audit]
timefield = sys_created_on
table = sys_audit
duration = 60
[snow://sys_audit_delete]
since_when = 2000-01-01 00:00:00
table = sys_audit_delete
duration = 60
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hey, in this case you can just add sys_update_xml as an entry in the inputs.conf file yourself. Make a new stanza and fill in whichever fields you need for it:
[snow://sys_update_xml]
timefield = sys_created_on
table = sys_update_xml
duration = 60
etc..
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I appreciate your cooperation. I understand. I want to try it.
Routing logs with Splunk OTel Collector for Kubernetes
Welcome to the Splunk Community!
Tech Talk | Elevating Digital Service Excellence: The Synergy of Splunk RUM & APM
