Splunk IT Service Intelligence

Splunk ITSI and ServiceNow - Auto populate fields

taskar
Path Finder

Hi, I have installed and configured the Add-on for ServiceNow. Integration with notable events is working; incidents are created in ServiceNow. But I would like to have the fields auto-populated from the notable event. See screenshot.

Is it possible to have two-way communication, i.e. close the Notable Event when the ServiceNow ticket is closed?

Any tip?

0 Karma
1 Solution

taskar
Path Finder

Splunk_TA_snow/local/local/alert_actions.conf is the config file for populating the fields. But I haven't found any way to use token variables such as %orig_description%, %orig_owner%, %orig_severity%, %orig_status%, and so on.

0 Karma

AnilPujar
Path Finder

Could not run the action. Status: 500 (Internal Server Error) Details: Splunkd daemon is not responding: ("Error connecting to /servicesNS/nobody/-/service_now_incident/snow_incident: ('The read operation timed out',)",)

I'm getting this error after clicking Done on the same screenshot above.

0 Karma

MVREID
Path Finder

Have you tried to use $result.orig_description$? That format was used for other alerting methods.

0 Karma

taskar
Path Finder

Thanks for your reply. I've tried what you suggest - it doesn't work any better. A workaround is to use Alerts instead of the ServiceNow integration in ITSI. Then tokens are working as expected. Rumor has it that a new integration with ServiceNow is coming Q1 2019. Fingers crossed.

0 Karma