Getting Data In

How can I retrieve ServiceNow field values with . (period) in the name through Splunk's Add-on for ServiceNow?

andrew_f_trobec
Explorer

Hello!

I am using the Splunk Add-on for ServiceNow to retrieve data from standard ServiceNow tables, in particular the "sc_req_item" table for service requests.  The form has a custom field that I need to extract and it has an internal id of "variables.4d1b6d291b2fd4d025d5eb186e4bcb19".

When calling the ServiceNow REST API with Postman I can retrieve the field without issue:

screenshot.png

When trying to retrieve the same field using the Splunk Add-on for ServiceNow I get the message:

"Values should begin with a letter or '$', and can include '_' and numbers, but got the value: variables.4d1b6d291b2fd4d025d5eb186e4bcb19"

log.png

I can sync all the fields I need through the connector with the exception of the custom which has a . (period) in the name.  I have tried using quotes and replacing . (period) with _ (underscore) but I cannot get the field synced.  Here is the input configuration for reference:

form.png

Is what I am trying to do possible with the Splunk Add-on for ServiceNow?

Thanks!

Andrew

Labels (1)
0 Karma
1 Solution

abhishek_solank
Engager

In the special_character_validation function in the snow.py file, there is a regex that only allows $ and _ as special characters. Modify the regex to allow a dot / period as well. Use regex101.com to test your regex.

I was afraid it might break something else but I can confirm it works just fine. I was even able to dot-walk two fields (e.g. caller_id.location.country). The Splunk adapter version that I checked this was 7.1. The Splunk Enterprise version was 8.0.6 and the ServiceNow version was Paris.

View solution in original post

andrew_f_trobec
Explorer

@abhishek_solank Amazing, thank you so much, this solved the issue!  The custom field is now syncing:

screenshot.png

Not sure if I updated the regex correctly, but it now looks like this (I added the two periods (.)):

"^(u_|[a-z$.])([_]?[a-z$.\d]+)*$"

Since it works I'm not gonna go searching for trouble 🙂

Best regards,

Andrew

0 Karma

abhishek_solank
Engager

In the special_character_validation function in the snow.py file, there is a regex that only allows $ and _ as special characters. Modify the regex to allow a dot / period as well. Use regex101.com to test your regex.

I was afraid it might break something else but I can confirm it works just fine. I was even able to dot-walk two fields (e.g. caller_id.location.country). The Splunk adapter version that I checked this was 7.1. The Splunk Enterprise version was 8.0.6 and the ServiceNow version was Paris.

View solution in original post

Register for .conf21 Now! Go Vegas or Go Virtual!

How will you .conf21? You decide! Go in-person in Las Vegas, 10/18-10/21, or go online with .conf21 Virtual, 10/19-10/20.