Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How can I onboard SNOW RITM variables data to splunk

epari1437
Engager
‎06-17-2021 05:00 AM

Requirement is to onboard SNOW RITM variables data to Splunk. Using table name SC_REQ_ITEM and SC_TASK, I can able to fetch data except variables.

Can anyone suggest how can I fetch data for variables which are linked to the catalog item/task.

 

My event would be :

You are requesting for: value

your name: value

select system: laptop

epari1437_0-1623931002717.png

 

0 Karma
Reply

ismedley
Engager
‎06-17-2021 09:30 AM

Splunk's add-on for ServiceNow would do this for you - you'd need to manually edit its inputs.conf to create an ingestion for the sc_req_item table as that one isn't included out the box.

Failing that, the add-on creates a query of the format 

https://<????>.service-now.com/api/now/table/sc_req_item?sysparm_display_value=all&sysparm_offset=0&...timestamp>^sys_updated_on%3C<later_timestamp>^ORDERBYsys_updated_on,sys_id

which will resolve the lookup fields for the record.  The sysparm_fields parameter can be used to restrict the fields returned

 

Reply
Get Updates on the Splunk Community!

Dashboards: Hiding charts while search is being executed and other uses for tokens

There are a couple of features of SimpleXML / Classic dashboards that can be used to enhance the user ...

Splunk Observability Cloud's AI Assistant in Action Series: Explaining Metrics and ...

This is the fourth post in the Splunk Observability Cloud’s AI Assistant in Action series that digs into how ...

Brains, Bytes, and Boston: Learn from the Best at .conf25

When you think of Boston, you might picture colonial charm, world-class universities, or even the crack of a ...
li.common.scroll-to.top