servicenow incidents in splunk


AM not able to see all the incidents which are there in my servicenow instance.
I have splunkTASnow app configured in my splunk.
and am getting below error in splnktasnow_main log file.

2016-10-16 15:49:34,318 INFO pid=9600 tid=Thread-2 | start
2016-10-16 15:49:35,229 INFO pid=9600 tid=Thread-2 | end
2016-10-16 15:49:35,234 INFO pid=9600 tid=Thread-2 | Get 0 records from
2016-10-16 15:49:35,236 INFO pid=9600 tid=Thread-2 file=snow | End collecting from incident.

0 Karma


Hello surekhasplunk,

There are no errors in your log file.

The TAsnow just can't find any new records created after sysupdated_on>=2016-10-07.

Check your input.conf, you can add this option :

since_when = your_date

The TAsnow will start collecting from yourdate until today.
Next by default he will check every two minutes if they are updates on your table.

Hope this help

0 Karma