Re: Splunk add-on for servicenow - additional fiel...

ADRIANODL · ‎03-25-2018

Hi all,
We've just installed the Splunk Add-on for ServiceNow on our Splunk Cloud instance, which enables integration between the the two platforms.
The integration itself worked well, and alerts have been successfully configured to trigger an incident in Service Now. However, the ServiceNow Incident Integration add-on comes with a limited number of fields (state, CI, Contact Type, Assignment Group, Category, Subcategory, Short Description, Correlation ID), which doesn't pre-populate the incident with enough information for our teams to work on the incidents. Whenever an incident is triggered, they need to log on to splunk cloud to see more details about the incident.

My question is: is there a way to add additional fields to the ServiceNow Incident Integration add-on, such as severity, long description, etc)?

Thank you for your responses in advance.

Adriano

koshyk · ‎05-16-2019

Can you please check if this is still the case? With new version of SNOW and addon, we are getting all extra data

ChrisBell04 · ‎05-16-2019

@koshyk - what new version? Splunk Add-on for ServiceNow Version 3.1.0 was last updated April 6, 2018.

For what its worth, there has been no communication about enhancement request ADDON-17893 either.

koshyk · ‎05-16-2019

sorry I meant the ServiceNow version too. Jakarta/London versions are emitting too much data, especially fields starting with dv_*
We are receiving about 60+ fields for incident table

ChrisBell04 · ‎04-27-2018

Enhancement request ADDON-17893 has been filed to add the Description field to incident creation.

tommoore · ‎01-22-2019

What's the status on this?

Splunk add-on for servicenow - additional fields

Enterprise Security Content Update (ESCU) | New Releases

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

Index This | What are the 12 Days of Splunk-mas?