Installation

How to create a servicenow Event & Incident without installing the plugins?

New Member

I need to integrate the Splunk and servicenow without installing the plugin. My Servicenow Admin requesting me to send the below detail to REST API of servicenow event table.

And the below detail needs to send in JSON format and in the --additional_info field:

{
    "NodeName":  "XX",
    "NodeIPAddress":  "XX",
    "InterfaceName":  "XX",
    "InterfaceTransmit (%)":  "XX %",
    "InterfaceReceive (%)":  "XX%",
    "DateTime":  "XX",
    "AssignmentGroup":  "XX",
    "LocationID":  "XX"
}

How I can do this by simple SPL?

Labels (1)
0 Karma

New Member

Without installing the plugin i need to create events in servicenow ??

Any way ??

0 Karma

Explorer

I have the same issue.  I have the plugin install, but it doesn't support the additional_info field they are asking me to populate.

I found the json_object and json_array commands that look like they will work to create the json blob. 

I still need to figure out how to make the API call to send the data over.

I'll post again if I figure that part out.

0 Karma

Splunk Employee
Splunk Employee

I think it's not possible. You need to install the Splunk plugin to create incidents and events from Splunk because Splunk hit the rest API to some intermediate tables created through that plugin and after that plugin create actual incidents and events in the ServiceNow.

0 Karma

SplunkTrust
SplunkTrust

Download the ServiceNow plugin and look at how it does that. I believe you'll find it's not simple SPL.
Is there a reason why you can't install the app?

---
If this reply helps you, an upvote would be appreciated.
0 Karma

New Member

If the servicenow upgraded and in case the plugin not supported for new version then it will be a problem.

I have the REST API of servicenow to create a incident but i need to pass some JSON payload to generate.

I have tested POST REST API with postman with the body JSON am able to create incident but i cant call the same in splunk.

How can i add the POST body JSON payload in splunk ?

0 Karma