We pull change, incident and security incident tickets from servicenow into splunk using the addon app for servicenow. Since we have upgraded the service now add on app to 7.8.0, we are unable to pull security incidents. The other data set related to changes, incident etc is coming through. We see the below error:
2024-08-06 19:22:13,103 ERROR pid=663322 tid=MainThread _data:274 | Failure occurred while getting records for the input: securityincident from the table: sn_si_incident of the servicenow host: xxxx The reason for failure= {'message': 'Insufficient rights to query records', 'detail': 'Field(s) present in the query do not have permission to be read'}. Contact Splunk administrator for further information.
Anyone had this issue?