Reporting

Help needed in sending data from Splunk to Servicenow CMDB

PA1
Builder

Hello,

Can anyone please help me with the below usecase.

we have data ingested into splunk and we would like to send this data from splunk to servicenow cmdb once a day,Can you help me with the options?

 

 

Thanks

0 Karma
1 Solution

kamlesh_vaghela
SplunkTrust
SplunkTrust

@PA1 

I think here, you have to use ServiceNow CMDB API to send data from Splunk.

So I suggest you

  • to explore the APIs that you can use for storing data in CMDB.  
  • create script which will use these Apis to send data to CMDB.
  • you can create an alert which will run on daily basis and execute our script (Refer this link ).

 

I hope this will help you to work more on this use case.

Thanks
KV
▄︻̷̿┻̿═━一

If any of my reply helps you to solve the problem Or gain knowledge, an upvote would be appreciated.

 

View solution in original post

desoto-chan
Explorer

@PA1did you manage to make it work? I'm curious to know more about the way you managed to get things done (one never knows when it might be in need of this info). 🙂 if you are still wondering about the intervals, do you consider using other tools? it might be helpful. there are tools (such as zigiops) available on the market to help you with the integration requirements.

0 Karma

PA1
Builder

Hi @kamlesh_vaghela 

i got the endpoint url with a service account details to send the data from splunk to snow, can you please help me with a sample script?

 

Thanks

0 Karma

kamlesh_vaghela
SplunkTrust
SplunkTrust

@PA1 ?

Can you please try Webhook first? if Webhook won't help then will go with manual script.

https://docs.splunk.com/Documentation/Splunk/7.1.1/Alert/Webhooks

KV
 

0 Karma

PA1
Builder

Thanks @kamlesh_vaghela , I will try the webhook option and see if it works.

 

 

0 Karma

PA1
Builder

@kamlesh_vaghela We need to send this data on a 24 hr interval and since we have millions of records, how we can achieve this if we want to apply delta for the records incase if we go with webhook option?

0 Karma

kamlesh_vaghela
SplunkTrust
SplunkTrust

@PA1 

I think here, you have to use ServiceNow CMDB API to send data from Splunk.

So I suggest you

  • to explore the APIs that you can use for storing data in CMDB.  
  • create script which will use these Apis to send data to CMDB.
  • you can create an alert which will run on daily basis and execute our script (Refer this link ).

 

I hope this will help you to work more on this use case.

Thanks
KV
▄︻̷̿┻̿═━一

If any of my reply helps you to solve the problem Or gain knowledge, an upvote would be appreciated.

 

PA1
Builder

Hi @kamlesh_vaghela do you have any idea on this by chance?

0 Karma

PA1
Builder

Thanks @kamlesh_vaghela

I found the below cmdb data ingestion API, hope this will work out.

https://developer.servicenow.com/dev.do#!/reference/api/orlando/rest/cmdb-ingest-api

 

 

Thanks

0 Karma
Get Updates on the Splunk Community!

Improve Your Security Posture

Watch NowImprove Your Security PostureCustomers are at the center of everything we do at Splunk and security ...

Maximize the Value from Microsoft Defender with Splunk

 Watch NowJoin Splunk and Sens Consulting for this Security Edition Tech TalkWho should attend:  Security ...

This Week's Community Digest - Splunk Community Happenings [6.27.22]

Get the latest news and updates from the Splunk Community here! News From Splunk Answers ✍️ Splunk Answers is ...