Splunk Search

create ticket in service now - arguments missing

multiverse
Engager

It’s worth noting that this issue is being tested under the Splunk application for OS X. The goal is to get Splunk creating tickets in Service Now based on scheduled alerts. My working example is a WARN when a disk crosses the threshold of 20% available.

The search I have scheduled in Splunk looks like this:

index=* sourcetype=df | multikv | eval perc_used=trim(UsePct, "%") | search perc_used >= 80

I have put the rest of the gory details here so as not to abuse this forum:

http://themap.multiverse.org/snow_alert-sh-does-not-create-service-now-ticket-when-scheduled-under-s...

Thank you very much

Tags (1)
0 Karma

ashish_test
New Member

Link Provided is not displaying contents. Error 404:Page not found !
Can you please share the information about how we can create the tickets in servicenow using splunk.

0 Karma

jonuwz
Influencer

I've read the link. How are you authenticating within the snow script when its called from an alert ? When you run it from the CLI it looks like you need to enter a username / password.
Also - what arguments do you think are missing ? Have you added debug to the script and redirected it to file to see where i tgoes wrong ?

0 Karma
Get Updates on the Splunk Community!

Using Machine Learning for Hunting Security Threats

WATCH NOW Seeing the exponential hike in global cyber threat spectrum, organizations are now striving more for ...

Observability Newsletter Highlights | March 2023

 March 2023 | Check out the latest and greatestSplunk APM's New Tag Filter ExperienceSplunk APM has updated ...

Security Newsletter Updates | March 2023

 March 2023 | Check out the latest and greatestUnify Your Security Operations with Splunk Mission Control The ...