Hi @livehybrid 

These errors appear in UI. 

I found the following error in "index=_internal eventtype=snow_ta_log_error":- 

2025-08-06 02:03:05,305 log_level=ERROR pid=1 tid=MainThread file=snow_ticket.py:_do_handle:140 | [invocation_id=O1c41b4234274435a4a54df9386ht4b8] Failed to create 1 tickets out of 1 events for account:

2025-08-06 02:03:05,300 log_level=ERROR pid=1 tid=Thread-1 file=snow_ticket.py:_get_resp_record:617 | [invocation_id=O1c41b4234274435a4a54df9386ht4b8] Failed to decode JSON: Expecting value: line 1 column 1 (char 0)

Hi @fongpen 

This is interesting as the 201 response and the fact the ticket is actually created suggests that what is being sent to the API is correct, its just that the API returns something invalid which the TA cannot process, either a non-JSON string or an invalid JSON string. 

I think at this point it will need to go to the app developers to investigate, unless you want to start tweaking the script yourself to output the exact response from the API?!

Since the app is supported by Splunk I think the best action would be to log a support case and explain the actions you've been through already, providing them the logs that you've shared here, hopefully they can send through for their dev team to investigate and remediate.

You can log a support case via https://www.splunk.com/support

🌟 Did this answer help you? If so, please consider:

• Adding karma to show it was useful
• Marking it as the solution if it resolved your issue
• Commenting if you need any clarification

Your feedback encourages the volunteers in this community to continue contributing

@fongpen 

Can you change the logging level to debug and review the logs for more detailed information?

Also, please try upgrading the add-on to version 9.1.0, since some issues have been resolved in the latest release.

Regards,
Prewin
Splunk Enthusiast | Always happy to help! If this answer helped you, please consider marking it as the solution or giving a Karma. Thanks!

Hi @PrewinThomas 

Here are results: -

2025-08-06 04:57:46,803 log_level=ERROR pid=1 tid=MainThread file=snow_ticket.py:_do_handle:140 | [invocation_id=d888b8ade8c88888ab888c88a888b2d9] Failed to create 1 tickets out of 1 events for account:

2025-08-06 04:57:46,796 log_level=ERROR pid=1 tid=Thread-1 file=snow_ticket.py:_get_resp_record:617 | [invocation_id=d888b8ade8c88888ab888c88a888b2d9] Failed to decode JSON: Expecting value: line 1 column 1 (char 0)

2025-08-06 04:57:46,418 log_level=DEBUG pid=1 tid=MainThread file=snow_incident_base.py:_prepare_data:78 | event_data={'category': 'Infra/Service', 'short_description': 'Application Access PROD error', 'contact_type': 'IT Ticket', 'splunk_url': '', 'urgency': '4', 'subcategory': 'Monitoring', 'state': 'New', 'comments': '', 'location': 'US', 'impact': '4', 'correlation_id': '38bb688f-1d88-47de-a88a-6cb6cbc45e99', 'priority': '4', 'assignment_group': 'Support US', 'description': 'Application Access PROD error, please check', 'u_caller_id': 'xxxxxxxxxxxxxxxxxxxx', 'u_inc_issue_type': 'incident', 'configuration_item': 'Splunk PROD'}

2025-08-06 04:57:46,418 log_level=DEBUG pid=1 tid=Thread-1 file=snow_ticket.py:process_event:255 | [invocation_id=xxxxxxxxxxxxxxxxxxxxxxxxxx] Sending request to https://servicenow.com/api/now/import/x_splu2_splunk_ser_u_splunk_incident: {"category": "Infra/Service", "short_description": "Application Access PROD error", "contact_type": "IT Ticket", "splunk_url": "", "urgency": "4", "subcategory": "Monitoring", "state": "New", "comments": "", "location": "US", "impact": "4", "correlation_id": "38bb688f-1d88-47de-a88a-6cb6cbc45e99", "priority": "4", "assignment_group": "Support US", "description": "Application Access PROD error, please check", "u_caller_id": "xxxxxxxxxxxxxxxxxxxx", "u_inc_issue_type": "incident", "configuration_item": "Splunk PROD"}

Hi @PrewinThomas 

Servicenow Add-on already upgraded to v9.1.0 on 1st Aug but issue still persist. 

I’ve changed the logging level to debug mode and will provide an update later.