I need to integrate the Splunk and servicenow without installing the plugin. My Servicenow Admin requesting me to send the below detail to REST API of servicenow event table.
And the below detail needs to send in JSON format and in the --additional_info field:
{
"NodeName": "XX",
"NodeIPAddress": "XX",
"InterfaceName": "XX",
"InterfaceTransmit (%)": "XX %",
"InterfaceReceive (%)": "XX%",
"DateTime": "XX",
"AssignmentGroup": "XX",
"LocationID": "XX"
}
How I can do this by simple SPL?
Without installing the plugin i need to create events in servicenow ??
Any way ??
I have the same issue. I have the plugin install, but it doesn't support the additional_info field they are asking me to populate.
I found the json_object and json_array commands that look like they will work to create the json blob.
I still need to figure out how to make the API call to send the data over.
I'll post again if I figure that part out.
I think it's not possible. You need to install the Splunk plugin to create incidents and events from Splunk because Splunk hit the rest API to some intermediate tables created through that plugin and after that plugin create actual incidents and events in the ServiceNow.
Download the ServiceNow plugin and look at how it does that. I believe you'll find it's not simple SPL.
Is there a reason why you can't install the app?
If the servicenow upgraded and in case the plugin not supported for new version then it will be a problem.
I have the REST API of servicenow to create a incident but i need to pass some JSON payload to generate.
I have tested POST REST API with postman with the body JSON am able to create incident but i cant call the same in splunk.
How can i add the POST body JSON payload in splunk ?