All Apps and Add-ons

Why I am getting this error in logs - file=snow_ticket.py:_do_event:124 | Failed to connect to https://###preview.service-now.com/api/thntm/incident_service/createInc

kishor_pinjark1
Explorer

Installed ServiceNow add-on on SH. Able to fetch the logs from Incident table for testing purpose.

However, while creating INC in SNOW getting error logs:

2019-05-22 05:35:04,824 ERROR pid=10297 tid=MainThread file=snow_ticket.py:_do_event:124 | Failed to connect to https://###preview.service-now.com/api/thntm/incident_service/createInc, error=Traceback (most recent call last):
File "/opt/splunk/etc/apps/Splunk_TA_snow/bin/snow_ticket.py", line 120, in _do_event
result = self._handle_response(response, content)
File "/opt/splunk/etc/apps/Splunk_TA_snow/bin/snow_ticket.py", line 208, in _handle_response
result = self._get_result(resp)
File "/opt/splunk/etc/apps/Splunk_TA_snow/bin/snow_incident_base.py", line 62, in _get_result
"Incident Number": resp["number"],
KeyError: 'number'

Alert for creating INC:

index="###" host=###
| eval count=1
| eventstats sum(count) AS totalevents by host, Number
| where totalevents > 20
| eval Time=strftime(_time, "%Y-%m-%d %H:%M:%S %p")
| eval Description1="Time: \"" . Time . "\" Hostname: \"" . host . "\" Description: \"" . Description . "\""
| stats count, list(Description1) AS Description values(Number) AS Number by Name totalevents Severity host Security
| nomv Number
| replace "* " WITH ", *" IN Number
| nomv Description
| eval Time=strftime(Time, "%Y-%m-%d %H:%M:%S %p")
| eval summary="Error in Crest ###Server - " . host . " needs immediate attention"
| eval details="Number: \"" . Number . "\" No. of events: \"" . totalevents . "\" Severity: \"" . Severity . "\" Name: \"" . Name . "\" Description: \"" . Description . "\""
| eval assignGroup="GSAM-Z"
| eval opTier1="Malfunction"
| eval opTier2="Error"
| eval prodName="###"
| eval urgency=4
| eval impact=urgency
| fields - Description Hostname totalevents
| dedup Number host
| snowincidentstream

Note: Replaced actual text with ### for security reasons.

0 Karma

flobishop
New Member

Hi, Have you solved this issue because I've the same problem ?

Regards,
Florent

0 Karma
Get Updates on the Splunk Community!

New in Observability - Improvements to Custom Metrics SLOs, Log Observer Connect & ...

The latest enhancements to the Splunk observability portfolio deliver improved SLO management accuracy, better ...

Improve Data Pipelines Using Splunk Data Management

  Register Now   This Tech Talk will explore the pipeline management offerings Edge Processor and Ingest ...

3-2-1 Go! How Fast Can You Debug Microservices with Observability Cloud?

Register Join this Tech Talk to learn how unique features like Service Centric Views, Tag Spotlight, and ...