Splunk Dev
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Getting error while adding ServiceNow incident through Splunk add-on: "Failed to create ticket..."

smitra_cis
Observer
‎07-21-2020 04:10 PM

Hello 

I am getting the following error while inserting the incident in ServiceNow through Splunk Add-On (while the connectivity between Splunk and ServiceNow is established, able to retrieve the incidents in Splunk)

command="snowincidentstream", Failed to create ticket. Return code is 400 (Bad Request). One of the possible causes of failure is absence of event management plugin or Splunk Integration plugin on the ServiceNow instance. To fix the issue install the plugin(s) on ServiceNow instance.

Search

source="cpu_data_updated_1.csv" |where CPU___Usage >= 47|eval contact_type="email"
| eval account="splunk_snow_dev"
| eval contact_type="email"
| eval custom_fields="u_affected_user=nobody||u_caller_id=12345"
| eval ci_identifier=host
| eval priority=1 | eval category="Software"
| eval subcategory="database"
| eval short_description="CPU on ". host ." is at ". CPU___Usage
| table account, category, subcategory, short_description, contact_type, custom_fields, ci_identifier, priority |snowincidentstream

------------

Getting this even after installing both the plugins and following the instructions in the link: - https://docs.splunk.com/Documentation/AddOns/released/ServiceNow/ConfigureServiceNowtointegratewithS...

Regards

Labels (1)
Labels
Tags (3)
0 Karma
Reply

kdroddy
Explorer
‎07-25-2020 10:29 AM

Hello,

When you go to ServiceNow, under "Installation Checklist":

kdroddy_0-1595698120857.png

Are the appropriate steps list as "Complete" under "Task Status"?

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey
Register for .conf25!
Get Updates on the Splunk Community!

.conf25 Global Broadcast: Don’t Miss a Moment

Hello Splunkers, .conf25 is only a click away.  Not able to make it to .conf25 in person? No worries, you can ...

Observe and Secure All Apps with Splunk

 Join Us for Our Next Tech Talk: Observe and Secure All Apps with SplunkAs organizations continue to innovate ...

What's New in Splunk Observability - August 2025

What's New We are excited to announce the latest enhancements to Splunk Observability Cloud as well as what is ...