All Apps and Add-ons

Splunk App & Add-on for ServiceNow: Why am I getting an error while integrating SeviceNow with Splunk?

Motivator

I am trying to integrate Splunk with ServiceNow. I have uploaded the ServiceNow app/Add-on in Splunk. Splunk Enterprise is running in the Linux Red hat version 6.5 and the ServiceNow URL is accessed through a proxy server. I am able to access the ServiceNow URL, however, while configuring the setup, I am getting this error message:

“Encountered the following error while trying to update: In handler 'localapps': Error while posting to URL=/servicesNS/nobody/Splunk_TA_snow/service_now_setup/snow_proxy/snow_proxy”

Splunk Application Details:
Splunk Enterprise Version: 6.2.6
Splunk-App for service-now Version: 3
Splunk –Add-on for Service-now Version: 2.6.1

Service-Now version: Fuji
Mozilla Firefox: V17

Has anyone encountered a similar error? What is the best possible solution to address this?

Thanks

Path Finder

We were having the same problem with the following updated applications and add-on.

Splunk Application Details:
- Splunk Enterprise Version: 6.3.1
- Splunk-App for service-now Version: 4.0.0
- Splunk–Add-on for Service-now Version: 2.7.0

  • Service-Now version: Fuji
  • Google Chrome 44.0.2403.157 m
  • SMP Debian 3.16.7-ckt11-1+deb8u6 (2015-11-09) x86_64 GNU/Linux

We were just using our proxy FQDN, i.e... "proxy.company.com" and it kept failing.

Inside the SplunkTAsnow/local/servicenow.conf file, the proxy variable name is "proxyurl".

As soon as we entered "http://proxy.company.com" it saved successfully without errors.

Potentially Splunk could do some input validation in an updated release.

0 Karma

Splunk Employee
Splunk Employee

I filed a bug, but since there's no support ticket, it's on the slow track. I'm also pretty sure that the kind of live validation you're looking for isn't possible from the technology used in that setup screen, so it'll have to wait for a re-architecture. I'd be happy to be wrong.

0 Karma

Path Finder

Are you also able to add to the bug ticket that the TA adds about 8 different "snow_" indexes, however the app defaults to "main". We set ours up to use "index = snow" as default, to make it eaiser / logical.

0 Karma

Path Finder

Hi Jcoates,

I'm facing the same issue in my servicenow instance. getting this error in both my splunk windows and Linux instance. Can you please help me in to resolve this issue.

With Regards,
Krishna R

0 Karma

Splunk Employee
Splunk Employee

That's an inability to post your proxy credentials back into Splunk; are you doing this as an admin?

0 Karma

Explorer

@Hemnaath , @jcoates : I am facing exactly same issue while my ServiceNow instance doesn't even use proxy setup. I have tried all the steps mentioned above . Kindly let me know a workaround for this .

Path Finder

@splunkdevabhi I am facing similar issue , did you have any solution for this error?

0 Karma

Path Finder

@raghuvedic I have updated the SplunkTAsnow/local/servicenow.conf file manually, which has helped me to fix the issue.

0 Karma

Communicator

Can you expand on this? We don't use a proxy and are facing the same error... How did you overcome?

0 Karma

Motivator

Did you manage to get it working @dijkul? No luck on my end still

0 Karma

Communicator

I did. Turns out our SSL-rewrite appliances were messing with it's HTTPS cert info. I was successful testing after eliminating SSL interception.

0 Karma

Motivator

Same. No proxy but this error, both with add-on versions 2.8 and 3.1. The service_now.conf file looks fine...

0 Karma

Motivator

Hi Krishna, we had this issue, because of the proxy setting which was blocking the port and I am not sure right now, as it was done long back in different project.

0 Karma

Motivator

Thanks jcoates, I am having admin privilege for both Splunk/Linux Machine. when I tried to find out the path mentioned in the above error "/servicesNS/nobody/SplunkTAsnow/servicenowsetup/snowproxy/snowproxy” I could not find them under Splunk folder.
kindly let me where we can find this path and is this causing an issue.

0 Karma

Splunk Employee
Splunk Employee

that's a REST endpoint.

$ find splunk/etc/apps/Splunk_TA_snow/ -name *.conf | xargs grep snow_proxy
splunk/etc/apps/Splunk_TA_snow/default/restmap.conf:members = snow_account,snow_proxy,snow_data_collection
splunk/etc/apps/Splunk_TA_snow/default/restmap.conf:[admin_external:snow_proxy]
splunk/etc/apps/Splunk_TA_snow/default/service_now.conf:[snow_proxy]

Motivator

Thanks jcoates, I am able to get this information in my splunk server, but I am not sure what I need to check in this files. Since I am unable to do the Service-now setup configuration I could see all the files are with default setting in default folder. Do I need to do manual configuration by editing all above mentioned conf files from default setting and copy the file to local folder path? splunk/etc/apps/splunkTAsnow /local/ *.conf .
Meanwhile I have taken this log file from Splunkdaccess.log & Servicenow_setup.log file attached. From the log what I could understand there is a problem in user name/password. Kindly let me know if you can help me on this.

Splunkd_access.log

e=json HTTP/1.1" 200 1504 - - - 1ms
127.0.0.1 - - [12/Oct/2015:12:35:51.306 +0530] "GET /services/server/info?outputmod e=json HTTP/1.1" 200 1504 - - - 1ms
127.0.0.1 - - [12/Oct/2015:12:35:56.306 +0530] "GET /services/server/info?output
mod e=json HTTP/1.1" 200 1504 - - - 1ms
127.0.0.1 - splunk-system-user [12/Oct/2015:12:35:56.761 +0530] "GET /servicesNS/-/- /configs/conf-servicenow/reload HTTP/1.0" 200 1858 - - - 10ms
127.0.0.1 - splunk-system-user [12/Oct/2015:12:35:56.780 +0530] "GET /servicesNS/nob ody/SplunkTAsnow/configs/conf-servicenow HTTP/1.0" 200 9058 - - - 2ms
127.0.0.1 - splunk-system-user [12/Oct/2015:12:35:56.786 +0530] "GET /servicesNS/nob ody/Splunk
TAsnow/storage/passwords/https%5C%3A%252F%252Fprod1cafetest.service-now. com%3Adummy%3A HTTP/1.0" 200 4860 - - - 1ms
127.0.0.1 - splunk-system-user [12/Oct/2015:12:35:56.790 +0530] "GET /servicesNS/nob ody/Splunk
TAsnow/storage/passwords/http%5C%3A%252F%252F192.168.20.31%3Adummy%3A HT TP/1.0" 200 4724 - - - 1ms
127.0.0.1 - - [12/Oct/2015:12:36:01.306 +0530] "GET /services/server/info?output
mod e=json HTTP/1.1" 200 1504 - - - 1ms

servicenowsetup.log

2015-10-12 12:34:50,337 INFO pid=27273 tid=MainThread file=snowsetup.py:detectrelease:227 | Detect ServiceNow release and verify credentials
2015-10-12 12:34:50,343 INFO pid=27273 tid=MainThread file=snow
setup.py:decryptusernamepassword:217 | decrypting
2015-10-12 12:34:50,348 INFO pid=27273 tid=MainThread file=snow
setup.py:decryptusernamepassword:217 | decrypting
2015-10-12 12:35:06,312 ERROR pid=27273 tid=MainThread file=snow
setup.py:detectrelease:251 | Failed to validate ServiceNow account or detect release info. Please verify credentials, urls for ServiceNow and proxy, and try again. Reason=Traceback (most recent call last):
File "/opt/splunk/etc/apps/SplunkTAsnow/bin/snowsetup.py", line 243, in _detectrelease
confmgr, config, self.appName, False)
File "/opt/splunk/etc/apps/Splunk
TAsnow/bin/snowconfig.py", line 126, in fixsnowrelease
fixedrelease = SnowConfig.getsnowrelease(defaults)
File "/opt/splunk/etc/apps/Splunk
TAsnow/bin/snowconfig.py", line 188, in getsnowrelease
SnowConfig.verifyuserpass(defaults)
File "/opt/splunk/etc/apps/SplunkTAsnow/bin/snowconfig.py", line 178, in verifyuserpass
raise Exception(msg)
Exception: Failed to verify ServiceNow username and password, reason=Traceback (most recent call last):
File "/opt/splunk/etc/apps/Splunk
TAsnow/bin/snowconfig.py", line 173, in verifyuserpass
resp, content = http.request(url)
File "/opt/splunk/etc/apps/SplunkTAsnow/bin/httplib2/init.py", line 1593, in request
(response, content) = self.request(conn, authority, uri, requesturi, method, body, headers, redirections, cachekey)
File "/opt/splunk/etc/apps/SplunkTAsnow/bin/httplib2/init.py", line 1335, in request
(response, content) = self.
connrequest(conn, requesturi, method, body, headers)
File "/opt/splunk/etc/apps/SplunkTAsnow/bin/httplib2/init.py", line 1263, in connrequest
raise ServerNotFoundError("Unable to find the server at %s" % conn.host)