Hi Can you clarify what you mean. Do you want to use Splunk Dashboards inside the Servicenow UI? ... View more

I don't think it has to do with the version of Bro - not yet at least. I see you need to add an extra '/'. Not sure if this causing the issue but very possible. I would try to change things to: [monitor:///syslog_hot/splunk/bro] ... View more

Event Management is a premium pulgin that is not enabled by default. You might want to check that this module is enabled in your Servicewnow environment and that it has data. ... View more

Did you try whats suggested on this link: http://docs.splunk.com/Documentation/AddOns/latest/Box/Troubleshooting Per the above link, I would suggest to rerun he setup after clearing the cache and making sure the user has the right permission. ... View more

Hi Do you mean you want the time to show in 24h clock instead 12h clock? in other words in your example that would be 19:00 instead of 7PM? If this is the case you can do so by changing the locale. Here are some useful links: https://answers.splunk.com/answers/10643/time-format-for-results-in-en-us-vs-en-gb.html https://answers.splunk.com/answers/12509/possible-to-set-user-interface-to-show-24-clock.html ... View more

Hi, We have the same type of lookups already bundled with the ServiceNow Add-on. Take the example of the incident table. It includes assignment_group sys_id but not the name of the assignment group. So we index the sys_user_group table and have a savedsearch "ServiceNow Sys User Group List" to build the mapping between sys_user_group id to sys_user_group. We then use that csv file in the lookup applied on the incident table. I would apply the same concept to any other field with sys_id. You will just need to create a new input to the table where you would need to get that mapping from. I would use the latest version of the add-on 2.8.0 since it has few fixes related to the formatting of sys_ids returned by servicenow. Hope this helps. ... View more

What do you get when you run: index = _internal source=box error ... View more

I would first confirm that you are getting the data by running a search before you add panels: index=main sourcetype=box* If you are getting no data. I would following the troubleshooting steps per: http://docs.splunk.com/Documentation/AddOns/latest/Box/Troubleshooting ... View more

I have heard that if you can successfully do so using the custom search commands. Are you having any problem doing so? If so,, whats the error? ... View more

Hi, These are two different apps. (the old Okta App and the new one you see on splunkbase). It was taken down from splunkbase and replaced with the app and the Splunk add-on for Okta that is supported by Splunk. The dashboards in the new app should have the same capabilities that were in the old one in addition to few additional ones. ... View more

Can you please set it to debug and look for error events. First few events should suffice ... View more

Hi, Please try the following: http://docs.splunk.com/Documentation/AddOns/latest/OKTA/Troubleshoot Also can you paste the output of the search command highlighted on step#1 of the doc? Thanks, ... View more

you can go to /README/inputs.conf.spec. There would be an entry such as: [snow://] snow.py would be the main starting point. ... View more

We have a fix that is not yet officially released. I can send you the patch if you want to try it out. ... View more

There is a business rule that does the sync between the two fields. You might want to check this: https://community.servicenow.com/message/801220?_ga=1.84815579.354472655.1430263836#801220 ... View more

Hi, I have seen some snow implementations use state field and others use state_incident. We might need to change the default to be using state field to represent the status of the incident instead - in the meantime you can fix the behavior in your environment by applying the lookup to the state field (do it under local/ props.conf) [snow:incident] LOOKUP-incident_state = incident_state_lookup state OUTPUTNEW incident_state_name ... View more

Hi, Can you please create a support ticket and upload the diag logs for us to take a look? Thanks, ... View more

Hi, Can you confirm that you have the right permission to access client performance and there is data available for the same? Thanks, ... View more

when you run search against sophos data, do you see any file_path and file_name fields extracted? how about events timestamp, does it match what's in the raw event EventTime field? ... View more