All Apps and Add-ons
Highlighted

Splunk App & Add-on for ServiceNow: Why am I getting an error while integrating SeviceNow with Splunk?

Motivator

I am trying to integrate Splunk with ServiceNow. I have uploaded the ServiceNow app/Add-on in Splunk. Splunk Enterprise is running in the Linux Red hat version 6.5 and the ServiceNow URL is accessed through a proxy server. I am able to access the ServiceNow URL, however, while configuring the setup, I am getting this error message:

“Encountered the following error while trying to update: In handler 'localapps': Error while posting to URL=/servicesNS/nobody/Splunk_TA_snow/service_now_setup/snow_proxy/snow_proxy”

Splunk Application Details:
Splunk Enterprise Version: 6.2.6
Splunk-App for service-now Version: 3
Splunk –Add-on for Service-now Version: 2.6.1

Service-Now version: Fuji
Mozilla Firefox: V17

Has anyone encountered a similar error? What is the best possible solution to address this?

Thanks

Highlighted

Re: Splunk App & Add-on for ServiceNow: Why am I getting an error while integrating SeviceNow with Splunk?

Splunk Employee
Splunk Employee

That's an inability to post your proxy credentials back into Splunk; are you doing this as an admin?

0 Karma
Highlighted

Re: Splunk App & Add-on for ServiceNow: Why am I getting an error while integrating SeviceNow with Splunk?

Motivator

Thanks jcoates, I am having admin privilege for both Splunk/Linux Machine. when I tried to find out the path mentioned in the above error "/servicesNS/nobody/SplunkTAsnow/servicenowsetup/snowproxy/snowproxy” I could not find them under Splunk folder.
kindly let me where we can find this path and is this causing an issue.

0 Karma
Highlighted

Re: Splunk App & Add-on for ServiceNow: Why am I getting an error while integrating SeviceNow with Splunk?

Splunk Employee
Splunk Employee

that's a REST endpoint.

$ find splunk/etc/apps/Splunk_TA_snow/ -name *.conf | xargs grep snow_proxy
splunk/etc/apps/Splunk_TA_snow/default/restmap.conf:members = snow_account,snow_proxy,snow_data_collection
splunk/etc/apps/Splunk_TA_snow/default/restmap.conf:[admin_external:snow_proxy]
splunk/etc/apps/Splunk_TA_snow/default/service_now.conf:[snow_proxy]
Highlighted

Re: Splunk App & Add-on for ServiceNow: Why am I getting an error while integrating SeviceNow with Splunk?

Motivator

Thanks jcoates, I am able to get this information in my splunk server, but I am not sure what I need to check in this files. Since I am unable to do the Service-now setup configuration I could see all the files are with default setting in default folder. Do I need to do manual configuration by editing all above mentioned conf files from default setting and copy the file to local folder path? splunk/etc/apps/splunkTAsnow /local/ *.conf .
Meanwhile I have taken this log file from Splunkdaccess.log & Servicenow_setup.log file attached. From the log what I could understand there is a problem in user name/password. Kindly let me know if you can help me on this.

Splunkd_access.log

e=json HTTP/1.1" 200 1504 - - - 1ms
127.0.0.1 - - [12/Oct/2015:12:35:51.306 +0530] "GET /services/server/info?outputmod e=json HTTP/1.1" 200 1504 - - - 1ms
127.0.0.1 - - [12/Oct/2015:12:35:56.306 +0530] "GET /services/server/info?output
mod e=json HTTP/1.1" 200 1504 - - - 1ms
127.0.0.1 - splunk-system-user [12/Oct/2015:12:35:56.761 +0530] "GET /servicesNS/-/- /configs/conf-servicenow/reload HTTP/1.0" 200 1858 - - - 10ms
127.0.0.1 - splunk-system-user [12/Oct/2015:12:35:56.780 +0530] "GET /servicesNS/nob ody/SplunkTAsnow/configs/conf-servicenow HTTP/1.0" 200 9058 - - - 2ms
127.0.0.1 - splunk-system-user [12/Oct/2015:12:35:56.786 +0530] "GET /servicesNS/nob ody/Splunk
TAsnow/storage/passwords/https%5C%3A%252F%252Fprod1cafetest.service-now. com%3Adummy%3A HTTP/1.0" 200 4860 - - - 1ms
127.0.0.1 - splunk-system-user [12/Oct/2015:12:35:56.790 +0530] "GET /servicesNS/nob ody/Splunk
TAsnow/storage/passwords/http%5C%3A%252F%252F192.168.20.31%3Adummy%3A HT TP/1.0" 200 4724 - - - 1ms
127.0.0.1 - - [12/Oct/2015:12:36:01.306 +0530] "GET /services/server/info?output
mod e=json HTTP/1.1" 200 1504 - - - 1ms

servicenowsetup.log

2015-10-12 12:34:50,337 INFO pid=27273 tid=MainThread file=snowsetup.py:detectrelease:227 | Detect ServiceNow release and verify credentials
2015-10-12 12:34:50,343 INFO pid=27273 tid=MainThread file=snow
setup.py:decryptusernamepassword:217 | decrypting
2015-10-12 12:34:50,348 INFO pid=27273 tid=MainThread file=snow
setup.py:decryptusernamepassword:217 | decrypting
2015-10-12 12:35:06,312 ERROR pid=27273 tid=MainThread file=snow
setup.py:detectrelease:251 | Failed to validate ServiceNow account or detect release info. Please verify credentials, urls for ServiceNow and proxy, and try again. Reason=Traceback (most recent call last):
File "/opt/splunk/etc/apps/SplunkTAsnow/bin/snowsetup.py", line 243, in _detectrelease
confmgr, config, self.appName, False)
File "/opt/splunk/etc/apps/Splunk
TAsnow/bin/snowconfig.py", line 126, in fixsnowrelease
fixedrelease = SnowConfig.getsnowrelease(defaults)
File "/opt/splunk/etc/apps/Splunk
TAsnow/bin/snowconfig.py", line 188, in getsnowrelease
SnowConfig.verifyuserpass(defaults)
File "/opt/splunk/etc/apps/SplunkTAsnow/bin/snowconfig.py", line 178, in verifyuserpass
raise Exception(msg)
Exception: Failed to verify ServiceNow username and password, reason=Traceback (most recent call last):
File "/opt/splunk/etc/apps/Splunk
TAsnow/bin/snowconfig.py", line 173, in verifyuserpass
resp, content = http.request(url)
File "/opt/splunk/etc/apps/SplunkTAsnow/bin/httplib2/init.py", line 1593, in request
(response, content) = self.request(conn, authority, uri, requesturi, method, body, headers, redirections, cachekey)
File "/opt/splunk/etc/apps/SplunkTAsnow/bin/httplib2/init.py", line 1335, in request
(response, content) = self.
connrequest(conn, requesturi, method, body, headers)
File "/opt/splunk/etc/apps/SplunkTAsnow/bin/httplib2/init.py", line 1263, in connrequest
raise ServerNotFoundError("Unable to find the server at %s" % conn.host)

Highlighted

Re: Splunk App & Add-on for ServiceNow: Why am I getting an error while integrating SeviceNow with Splunk?

Explorer

@Hemnaath , @jcoates : I am facing exactly same issue while my ServiceNow instance doesn't even use proxy setup. I have tried all the steps mentioned above . Kindly let me know a workaround for this .

Highlighted

Re: Splunk App & Add-on for ServiceNow: Why am I getting an error while integrating SeviceNow with Splunk?

Motivator

Hi Krishna, we had this issue, because of the proxy setting which was blocking the port and I am not sure right now, as it was done long back in different project.

0 Karma
Highlighted

Re: Splunk App & Add-on for ServiceNow: Why am I getting an error while integrating SeviceNow with Splunk?

Path Finder

@splunkdevabhi I am facing similar issue , did you have any solution for this error?

0 Karma
Highlighted

Re: Splunk App & Add-on for ServiceNow: Why am I getting an error while integrating SeviceNow with Splunk?

Path Finder

@raghuvedic I have updated the SplunkTAsnow/local/servicenow.conf file manually, which has helped me to fix the issue.

0 Karma
Highlighted

Re: Splunk App & Add-on for ServiceNow: Why am I getting an error while integrating SeviceNow with Splunk?

Communicator

Can you expand on this? We don't use a proxy and are facing the same error... How did you overcome?

0 Karma