Help needed in sending data from Splunk to ServiceNow CMDB

Roy_9
Motivator

Hello,

Can anyone please help me with the below use case?

We have data ingested into Splunk and we would like to send this data from Splunk to ServiceNow CMDB once a day. Can you help me with the options?

Thanks

0 Karma
1 Solution

kamlesh_vaghela
SplunkTrust

@Roy_9 

I think here, you have to use the ServiceNow CMDB API to send data from Splunk.

So I suggest you

  • explore the APIs that you can use for storing data in CMDB.
  • create a script which will use these APIs to send data to CMDB.
  • create an alert which will run on a daily basis and execute our script (refer to this link).

I hope this will help you to work more on this use case.

Thanks
KV
If any of my replies helps you to solve the problem or gain knowledge, an upvote would be appreciated.

desoto-chan
Explorer

@Roy_9 did you manage to make it work? I'm curious to know more about the way you managed to get things done (one never knows when one might be in need of this info). 🙂 If you are still wondering about the intervals, do you consider using other tools? It might be helpful. There are tools (such as ZigiOps) available on the market to help you with the integration requirements.

0 Karma

Roy_9
Motivator

Hi @kamlesh_vaghela 

I got the endpoint URL with service account details to send the data from Splunk to SNOW. Can you please help me with a sample script?

Thanks

0 Karma

kamlesh_vaghela
SplunkTrust

@Roy_9 ?

Can you please try Webhook first? If Webhook won't help, then we will go with a manual script.

https://docs.splunk.com/Documentation/Splunk/7.1.1/Alert/Webhooks

KV
0 Karma

Roy_9
Motivator

Thanks @kamlesh_vaghela , I will try the webhook option and see if it works.

0 Karma

Roy_9
Motivator

@kamlesh_vaghela We need to send this data on a 24-hour interval, and since we have millions of records, how can we achieve this if we want to apply a delta for the records, in case we go with the webhook option?

0 Karma

Roy_9
Motivator

Hi @kamlesh_vaghela do you have any idea on this by chance?

0 Karma

Roy_9
Motivator

Thanks @kamlesh_vaghela

I found the below CMDB data ingestion API, hope this will work out.

https://developer.servicenow.com/dev.do#!/reference/api/orlando/rest/cmdb-ingest-api

Thanks

0 Karma
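
A sketch of the script approach discussed in this thread, sending only the daily delta of a large record set in batches (added example, not code from any poster or from Splunk or ServiceNow). The `/api/now/cmdb/ingest/{data_source_sys_id}` path and the `{"items": [...]}` body are my reading of the CMDB Data Ingestion API linked above and should be checked against your instance's release; `SNOW_USER`, `SNOW_PASSWORD`, the `name` key, the state file and all function names are assumptions.

```python
import base64, hashlib, json, os, urllib.request

BATCH_SIZE = 500  # assumed; tune to the instance's payload limits
# Constructed sample rows, shaped like results of a daily Splunk search.
SAMPLE = [{"name": "web01", "ip_address": "10.0.0.5"},
          {"name": "db01", "ip_address": "10.0.0.9"}]

def fingerprint(record):
    """Stable SHA-256 of a record, independent of key order."""
    return hashlib.sha256(json.dumps(record, sort_keys=True).encode()).hexdigest()

def compute_delta(records, previous, key="name"):
    """Return (new or changed records, new state of key -> fingerprint)."""
    changed, state = [], {}
    for rec in records:
        state[rec[key]] = fingerprint(rec)
        if previous.get(rec[key]) != state[rec[key]]:
            changed.append(rec)
    return changed, state

def batches(items, size=BATCH_SIZE):
    for i in range(0, len(items), size):
        yield items[i:i + size]

def build_request(base_url, data_source_id, batch, user, password):
    """Build one ingest POST; refuses plain HTTP so Basic auth never goes in clear."""
    if not base_url.startswith("https://"):
        raise ValueError("ServiceNow URL must use https")
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    return urllib.request.Request(
        f"{base_url.rstrip('/')}/api/now/cmdb/ingest/{data_source_id}",
        data=json.dumps({"items": batch}).encode(),  # body shape is an assumption
        headers={"Authorization": f"Basic {token}",
                 "Content-Type": "application/json"},
        method="POST")

def push(records, state_path, base_url, data_source_id):
    """Send only the delta; persist state after every batch has succeeded."""
    user, password = os.environ["SNOW_USER"], os.environ["SNOW_PASSWORD"]
    previous = {}
    if os.path.exists(state_path):
        with open(state_path) as fh:
            previous = json.load(fh)
    changed, state = compute_delta(records, previous)
    for batch in batches(changed):
        req = build_request(base_url, data_source_id, batch, user, password)
        with urllib.request.urlopen(req, timeout=30) as resp:  # raises on 4xx/5xx
            resp.read()
    with open(state_path, "w") as fh:
        json.dump(state, fh)
    return len(changed)
```

This forwards new and changed rows only; records that drop out of the search are not sent as deletions. Where the script runs as a Splunk alert action, the service account is better read from Splunk's credential storage than from the environment.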