Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Dropped events with Splunk Add-on for ServiceNow

paulbannister
Communicator
‎11-12-2020 03:12 AM

Hi All,

We have recently updated our "Splunk Add-on for ServiceNow" to the latest available (6.2.0) from a 4.# release on our Cloud IDM and have been experiencing dropped events ever since.

Particularly with our high traffic tables (sc_tasks, incident) which are frequently updated, we've noticed that the TA will pick up the initial entry for these when created in SNOW but will miss any subsequent updates (i.e. ticket will get closed in SNOW but this will not get reflected/updated in the data in Splunk), there was no issue before so we may need to downgrade the TA if necessary

We currently have cases open with both ServiceNow and Splunk but was wondering if anyone else had experienced similar?

Our instance is all cloud (Splunk Cloud, ServiceNow) and as I said was functioning before the update, which was done as part of 8.1 readiness

Tags (2)
0 Karma
Reply

paulbannister
Communicator
‎01-18-2021 03:57 AM

Just as an FYI for anyone with the same issue, the latest version of the TA has been released and contains the fix for the issue.

0 Karma
Reply

paulbannister
Communicator
‎11-24-2020 07:40 AM

Just as an FYI for anyone with the same issue, this has now been logged as a bug and the developers are currently working on a fix\workaround:

https://docs.splunk.com/Documentation/AddOns/released/ServiceNow/Releasenotes

2020-11-03ADDON-30681Splunk Add-on for ServiceNow is not ingesting updated records intermittently.
0 Karma
Reply
Get Updates on the Splunk Community!

Accelerating Observability as Code with the Splunk AI Assistant

We’ve seen in previous posts what Observability as Code (OaC) is and how it’s now essential for managing ...

Integrating Splunk Search API and Quarto to Create Reproducible Investigation ...

 Splunk is More Than Just the Web Console For Digital Forensics and Incident Response (DFIR) practitioners, ...

Congratulations to the 2025-2026 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...