Join the Conversation
- Find Answers
- :
- Apps & Add-ons
- :
- All Apps and Add-ons
- :
- All Apps and Add-ons
- :
- Splunk add-on for servicenow - additional fields
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Splunk add-on for servicenow - additional fields
Hi all,
We've just installed the Splunk Add-on for ServiceNow on our Splunk Cloud instance, which enables integration between the the two platforms.
The integration itself worked well, and alerts have been successfully configured to trigger an incident in Service Now. However, the ServiceNow Incident Integration add-on comes with a limited number of fields (state, CI, Contact Type, Assignment Group, Category, Subcategory, Short Description, Correlation ID), which doesn't pre-populate the incident with enough information for our teams to work on the incidents. Whenever an incident is triggered, they need to log on to splunk cloud to see more details about the incident.
My question is: is there a way to add additional fields to the ServiceNow Incident Integration add-on, such as severity, long description, etc)?
Thank you for your responses in advance.
Adriano
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Can you please check if this is still the case? With new version of SNOW and addon, we are getting all extra data
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
@koshyk - what new version? Splunk Add-on for ServiceNow Version 3.1.0 was last updated April 6, 2018.
For what its worth, there has been no communication about enhancement request ADDON-17893 either.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
sorry I meant the ServiceNow version too. Jakarta/London versions are emitting too much data, especially fields starting with dv_*
We are receiving about 60+ fields for incident table
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Enhancement request ADDON-17893 has been filed to add the Description field to incident creation.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
What's the status on this?
Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!
Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.
[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions
Splunk Community Badges!
[Puzzles] Solve, Learn, Repeat: Matching cron expressions
