Getting Data In

ServiceNow Add-on 'sys_updated_on' field error



Splunk server: 7.3.5

snow_ta version: 6.0.0

I'm trying to collect data from the snow cmdb input with the ta, but the present error is showed:

'sys_updated_on' field is not found in the data collected for 'cmdb_ci_productive' input
These are the specefic events before the error:




2020-06-26 23:03:46,897 INFO pid=105839 tid=Thread-1 | Initiating request to>=2000-01-01+00:00:00^ORDERBYsys_updated_on

2020-06-26 23:03:56,373 INFO pid=105839 tid=Thread-1 | Ending request to>=2000-01-01+00:00:00^ORDERBYsys_updated_on

2020-06-26 23:03:56,400 ERROR pid=105839 tid=Thread-1 | 'sys_updated_on' field is not found in the data collected for 'cmdb_ci_productive' input. In order to resolve the issue, provide valid value in 'Time
 field of the table' on Inputs page, or edit 'timefield' parameter for the affected input in inputs.conf file.




I tried the troubleshooting query (splunk addon documentation) vs the splunk query (show in the logs) and I can see the data (sys_updated_on field) in the web browser.





It seems like the user configured have the permission to read the data, but for some reason is not working with the TA.

Is there a known issue about it? Did I miss something?


Labels (2)
0 Karma