All Apps and Add-ons

Splunk add-on for ServiceNow - send csv results from alert action

jformosa
New Member

I would either like to send the results table as the description field to ServiceNow or be able to pass the csv results and attach it to the opened incident ticket.
The goal is to work the ticket from ServiceNow without having to go into Splunk to review the results.

As of now in the description field i am passing
$result.src_ip$ $result.dest_ip$ $result.threat_intel_list$ $result.threat_match_field$ $result.threat_collection$ $result.original_sourcetype$ $result.count$
but the only passes the first result of the report.

Has anyone be able to pass the all the search results into a single ServiceNow ticket?

0 Karma
Take the 2021 Splunk Career Survey

Help us learn about how Splunk has
impacted your career by taking the 2021 Splunk Career Survey.

Earn $50 in Amazon cash!