Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How can I onboard SNOW RITM variables data to splunk

epari1437
Engager
‎06-17-2021 05:00 AM

Requirement is to onboard SNOW RITM variables data to Splunk. Using table name SC_REQ_ITEM and SC_TASK, I can able to fetch data except variables.

Can anyone suggest how can I fetch data for variables which are linked to the catalog item/task.

 

My event would be :

You are requesting for: value

your name: value

select system: laptop

epari1437_0-1623931002717.png

 

0 Karma
Reply

ismedley
Engager
‎06-17-2021 09:30 AM

Splunk's add-on for ServiceNow would do this for you - you'd need to manually edit its inputs.conf to create an ingestion for the sc_req_item table as that one isn't included out the box.

Failing that, the add-on creates a query of the format 

https://<????>.service-now.com/api/now/table/sc_req_item?sysparm_display_value=all&sysparm_offset=0&...timestamp>^sys_updated_on%3C<later_timestamp>^ORDERBYsys_updated_on,sys_id

which will resolve the lookup fields for the record.  The sysparm_fields parameter can be used to restrict the fields returned

 

Reply
Get Updates on the Splunk Community!

Splunk Observability Cloud’s AI Assistant in Action Series: Analyzing and ...

This is the second post in our Splunk Observability Cloud’s AI Assistant in Action series, in which we look at ...

Elevate Your Organization with Splunk’s Next Platform Evolution

 Thursday, July 10, 2025  |  11AM PDT / 2PM EDT Whether you're managing complex deployments or looking to ...

Splunk Answers Content Calendar, June Edition

Get ready for this week’s post dedicated to Splunk Dashboards! We're celebrating the power of community by ...
Top