Splunk Enterprise Security
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Splunk Enterprise Security and Splunk App/Add-on for ServiceNow: How to dreate SNOW incidents from ES incidents?

john_miller1
Explorer
‎12-18-2015 12:28 PM

Using the latest Splunk Entperirse Security and Splunk App/Add-on for ServiceNow.

I'm trying to get incidents in ES to push over to ServiceNow. Has anyone been successful with doing so? I've tried using the snow_incident.py script and have tried modifying the searches in correlations to use the custom search option passing the required fields.

I didn't see a way to integrate the snow custom alerts to anything in ES either. Just looking for some direction or tips on how to facilitate this.

Any help is greatly appreciated!

Reply

krishnab
Path Finder
‎04-07-2018 03:44 AM

Hi,I assume you want to send an event to SNOW to create an incident.

The best thing is to save your query as an alert.

Once done that in the trigger action column in alerts,you'll find an action as "SNOW incident managment".

through this you can send your events from an alert to SNOW.

Assume,you have many rows of data like hostname,usage,which can be sent by mentioning it as $result.ur fieldname$

0 Karma
Reply

gcato
Contributor
‎04-06-2018 02:16 PM

Hope this answer might help you.

https://answers.splunk.com/answers/597366/problem-with-alert-triggered-scripts-for-serviceno.html

0 Karma
Reply

ehaddad_splunk
Splunk Employee
Splunk Employee
‎12-18-2015 03:35 PM

I have heard that if you can successfully do so using the custom search commands. Are you having any problem doing so? If so,, whats the error?

0 Karma
Reply

yannK
Splunk Employee
Splunk Employee
‎03-08-2017 04:38 PM

can you put the script name directly ?
example: snow_incident_m.py

and add the Splunk_TA_snow as an import on ES.

0 Karma
Reply
Get Updates on the Splunk Community!

Index This | What is broken 80% of the time by February?

December 2025 Edition   Hayyy Splunk Education Enthusiasts and the Eternally Curious!    We’re back with this ...

Unlock Faster Time-to-Value on Edge and Ingest Processor with New SPL2 Pipeline ...

Hello Splunk Community,   We're thrilled to share an exciting update that will help you manage your data more ...

Splunk MCP & Agentic AI: Machine Data Without Limits

Discover how the Splunk Model Context Protocol (MCP) Server can revolutionize the way your organization uses ...