Splunk Cloud Platform

Unable to pull security incidents from ServiceNow since the app (splunk_TA_snow) upgrade to 7.8.0

gundpo
We pull change, incident and security incident tickets from ServiceNow into Splunk using the add-on app for ServiceNow. Since we upgraded the ServiceNow add-on app to 7.8.0, we are unable to pull security incidents. The other data sets related to changes, incidents, etc. are coming through. We see the below error:

2024-08-06 19:22:13,103 ERROR pid=663322 tid=MainThread _data:274 | Failure occurred while getting records for the input: securityincident from the table: sn_si_incident of the servicenow host: xxxx The reason for failure= {'message': 'Insufficient rights to query records', 'detail': 'Field(s) present in the query do not have permission to be read'}. Contact Splunk administrator for further information.

Has anyone had this issue?
