Installation
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

How to create a servicenow Event & Incident without installing the plugins?

raja8220
New Member
‎10-03-2019 05:48 AM

I need to integrate the Splunk and servicenow without installing the plugin. My Servicenow Admin requesting me to send the below detail to REST API of servicenow event table.

And the below detail needs to send in JSON format and in the --additional_info field:

{
    "NodeName":  "XX",
    "NodeIPAddress":  "XX",
    "InterfaceName":  "XX",
    "InterfaceTransmit (%)":  "XX %",
    "InterfaceReceive (%)":  "XX%",
    "DateTime":  "XX",
    "AssignmentGroup":  "XX",
    "LocationID":  "XX"
}

How I can do this by simple SPL?

0 Karma
Reply

raja8220
New Member
‎11-05-2019 07:15 AM

Without installing the plugin i need to create events in servicenow ??

Any way ??

0 Karma
Reply

ddelmont
Explorer
‎07-29-2020 01:44 PM

I have the same issue.  I have the plugin install, but it doesn't support the additional_info field they are asking me to populate.

I found the json_object and json_array commands that look like they will work to create the json blob. 

I still need to figure out how to make the API call to send the data over.

I'll post again if I figure that part out.

0 Karma
Reply

hkubavat_splunk
Splunk Employee
Splunk Employee
‎10-23-2019 04:28 AM

I think it's not possible. You need to install the Splunk plugin to create incidents and events from Splunk because Splunk hit the rest API to some intermediate tables created through that plugin and after that plugin create actual incidents and events in the ServiceNow.

0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎10-03-2019 08:25 AM

Download the ServiceNow plugin and look at how it does that. I believe you'll find it's not simple SPL.
Is there a reason why you can't install the app?

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply

raja8220
New Member
‎10-21-2019 07:57 AM

If the servicenow upgraded and in case the plugin not supported for new version then it will be a problem.

I have the REST API of servicenow to create a incident but i need to pass some JSON payload to generate.

I have tested POST REST API with postman with the body JSON am able to create incident but i cant call the same in splunk.

How can i add the POST body JSON payload in splunk ?

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Design, Compete, Win: Submit Your Best Splunk Dashboards for a .conf26 Pass

Hello Splunkers,  We’re excited to kick off a Splunk Dashboard contest! We know that dashboards are a primary ...

May 2026 Splunk Expert Sessions: Security & Observability

Level Up Your Operations: May 2026 Splunk Expert Sessions Whether you are refining your security posture or ...

Network to App: Observability Unlocked [May & June Series]

In today’s digital landscape, your environment is no longer confined to the data center. It spans complex ...