Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Dropped events with Splunk Add-on for ServiceNow

paulbannister
Communicator
‎11-12-2020 03:12 AM

Hi All,

We have recently updated our "Splunk Add-on for ServiceNow" to the latest available (6.2.0) from a 4.# release on our Cloud IDM and have been experiencing dropped events ever since.

Particularly with our high traffic tables (sc_tasks, incident) which are frequently updated, we've noticed that the TA will pick up the initial entry for these when created in SNOW but will miss any subsequent updates (i.e. ticket will get closed in SNOW but this will not get reflected/updated in the data in Splunk), there was no issue before so we may need to downgrade the TA if necessary

We currently have cases open with both ServiceNow and Splunk but was wondering if anyone else had experienced similar?

Our instance is all cloud (Splunk Cloud, ServiceNow) and as I said was functioning before the update, which was done as part of 8.1 readiness

Tags (2)
0 Karma
Reply

paulbannister
Communicator
‎01-18-2021 03:57 AM

Just as an FYI for anyone with the same issue, the latest version of the TA has been released and contains the fix for the issue.

0 Karma
Reply

paulbannister
Communicator
‎11-24-2020 07:40 AM

Just as an FYI for anyone with the same issue, this has now been logged as a bug and the developers are currently working on a fix\workaround:

https://docs.splunk.com/Documentation/AddOns/released/ServiceNow/Releasenotes

2020-11-03ADDON-30681Splunk Add-on for ServiceNow is not ingesting updated records intermittently.
0 Karma
Reply
Get Updates on the Splunk Community!

Observability Unlocked: Kubernetes Monitoring with Splunk Observability Cloud

  Ready to master Kubernetes and cloud monitoring like the pros?Join Splunk’s Growth Engineering team for an ...

Wrapping Up Cybersecurity Awareness Month

October might be wrapping up, but for Splunk Education, cybersecurity awareness never goes out of season. ...

🌟 From Audit Chaos to Clarity: Welcoming Audit Trail v2

🗣 You Spoke, We Listened  Audit Trail v2 wasn’t written in isolation—it was shaped by your voices.  In ...