It’s worth noting that this issue is being tested under the Splunk application for OS X. The goal is to get Splunk creating tickets in Service Now based on scheduled alerts. My working example is a WARN when a disk crosses the threshold of 20% available.
The search I have scheduled in Splunk looks like this:
I've read the link. How are you authenticating within the snow script when its called from an alert ? When you run it from the CLI it looks like you need to enter a username / password.
Also - what arguments do you think are missing ? Have you added debug to the script and redirected it to file to see where i tgoes wrong ?