I have Splunk Enterprise installed on a Linux server. I am accessing it through an instance like http://(server ip)/8000/ from my Windows machine.
I have added the Splunk Add-on for ServiceNow and Splunk App for ServiceNow.
There is REST API on the ServiceNow instance, and I have configured MID server in ServiceNow.
How to configure the rest api in service-now and splunk?
i saw in splunk documents that splunk takes data from servicenow via Rest API.
so pls specify how to configure rest api in service-now to be able to send data from service-now to splunk.
If yes, can you please specify the steps I need to follow along?
And also please specify any other way available.
you can find all needed information in the docs about the App for ServiceNow http://docs.splunk.com/Documentation/ServiceNow and the Add-on for ServiceNow http://docs.splunk.com/Documentation/AddOns/latest/ServiceNow/About
Also worth reading this part of the docs http://docs.splunk.com/Documentation/ServiceNow/4.0.1/User/Commandsalertactionsandscripts
Hope this helps ...
Hi MuS, Thanks for the links.
I have gone through the entire documentation. All it says is
"The add-on collects incident, event, change, user, user group, location, and CMDB CI information from ServiceNow via ServiceNow REST APIs"
Apart from there there is nodetails of how to se or configure the rest api from either service-now point or splunk interface.
I don't know what you're missing?
Configure ServiceNow to integrate with the Splunk platform:
Install the Splunk App for ServiceNow on Splunk Enterprise:
I have configured everything. the add-on integration.
i can send data from splunk to servicenow inform of incident creation. but not vice versa.
i want the process how to use "RESt api" in service-now to get data from service-now into splunk.
as it is written "The add-on collects incident, event, change, user, user group, location, and CMDB CI information from ServiceNow via ServiceNow REST APIs".
and in the links u posted there is no where written how to use rest api.
Okay, you must misunderstand something here; it's not ServiceNow updating Splunk. There is an input in the ServiceNow App which reads all the data in ServiceNow from Splunk, check if they are enabled. Also, enable debugging in the TA and check what the logs report see http://docs.splunk.com/Documentation/ServiceNow/latest/Install/Troubleshoot for more details.
Again, Splunk is creating/pushing Incidents or Events in ServiceNow and also Splunk is reading from ServiceNow; it's never that ServiceNow is pushing anything into Splunk.
Hope this helps ...
Ok thank you. I have understood your point.
but in the line "The add-on collects incident, event, change, user, user group, location, and CMDB CI information from ServiceNow via ServiceNow REST APIs".
the addon in the sense splunk add-on from servicenow right?
then how it is collecting the above said events and cmdb information usinf servicenow's rest api?
can you please explain the meaning of sentence.
thanks in advance.
The Add on provides a script that connect to the Service Now REST API and processes the returned information which then will be available in Splunk for further reporting.