Reporting

Help needed in sending data from Splunk to Servicenow CMDB

Splunker96
Builder

Hello,

Can anyone please help me with the below usecase.

we have data ingested into splunk and we would like to send this data from splunk to servicenow cmdb once a day,Can you help me with the options?

 

 

Thanks

0 Karma
1 Solution

kamlesh_vaghela
SplunkTrust
SplunkTrust

@Splunker96 

I think here, you have to use ServiceNow CMDB API to send data from Splunk.

So I suggest you

  • to explore the APIs that you can use for storing data in CMDB.  
  • create script which will use these Apis to send data to CMDB.
  • you can create an alert which will run on daily basis and execute our script (Refer this link ).

 

I hope this will help you to work more on this use case.

Thanks
KV
▄︻̷̿┻̿═━一

If any of my reply helps you to solve the problem Or gain knowledge, an upvote would be appreciated.

 

View solution in original post

desoto-chan
Explorer

@Splunker96did you manage to make it work? I'm curious to know more about the way you managed to get things done (one never knows when it might be in need of this info). 🙂 if you are still wondering about the intervals, do you consider using other tools? it might be helpful. there are tools (such as zigiops) available on the market to help you with the integration requirements.

0 Karma

Splunker96
Builder

Hi @kamlesh_vaghela 

i got the endpoint url with a service account details to send the data from splunk to snow, can you please help me with a sample script?

 

Thanks

0 Karma

kamlesh_vaghela
SplunkTrust
SplunkTrust

@Splunker96 ?

Can you please try Webhook first? if Webhook won't help then will go with manual script.

https://docs.splunk.com/Documentation/Splunk/7.1.1/Alert/Webhooks

KV
 

0 Karma

Splunker96
Builder

Thanks @kamlesh_vaghela , I will try the webhook option and see if it works.

 

 

0 Karma

Splunker96
Builder

@kamlesh_vaghela We need to send this data on a 24 hr interval and since we have millions of records, how we can achieve this if we want to apply delta for the records incase if we go with webhook option?

0 Karma

kamlesh_vaghela
SplunkTrust
SplunkTrust

@Splunker96 

I think here, you have to use ServiceNow CMDB API to send data from Splunk.

So I suggest you

  • to explore the APIs that you can use for storing data in CMDB.  
  • create script which will use these Apis to send data to CMDB.
  • you can create an alert which will run on daily basis and execute our script (Refer this link ).

 

I hope this will help you to work more on this use case.

Thanks
KV
▄︻̷̿┻̿═━一

If any of my reply helps you to solve the problem Or gain knowledge, an upvote would be appreciated.

 

Splunker96
Builder

Hi @kamlesh_vaghela do you have any idea on this by chance?

0 Karma

Splunker96
Builder

Thanks @kamlesh_vaghela

I found the below cmdb data ingestion API, hope this will work out.

https://developer.servicenow.com/dev.do#!/reference/api/orlando/rest/cmdb-ingest-api

 

 

Thanks

0 Karma
Get Updates on the Splunk Community!

Splunk Forwarders and Forced Time Based Load Balancing

Splunk customers use universal forwarders to collect and send data to Splunk. A universal forwarder can send ...

NEW! Log Views in Splunk Observability Dashboards Gives Context From a Single Page

Today, Splunk Observability releases log views, a new feature for users to add their logs data from Splunk Log ...

Last Chance to Submit Your Paper For BSides Splunk - Deadline is August 12th!

Hello everyone! Don't wait to submit - The deadline is August 12th! We have truly missed the community so ...