Hello - I'm overall a novice to Splunk, as my focus is more on ServiceNow Admin. But I'm trying to get a better high-level understanding of how Splunk is working with our SN environment and Event Management, to better help support when Splunk/Event Management issues crop up. I haven't had a chance to discuss further with our local support, who integrated/set up this last year with an outside vendor's support. So I thought I'd ask here.

We have Splunk set up (using the SN Splunk add-on) to create events in ServiceNow. We have a local Splunk account with the proper Splunk role and access to the REST API. And all seems to work, from what I understand, in most cases.

I'm just trying to understand what the transaction logs are telling me. Splunk seems to create a large number of transactions during the day. Many of them appear to be just looking at / scanning the em_event table (note the URL without parameters), while some others also include parameters in the URL query string (/api/now/table/em_event?sysparm_exclude_reference_link=true&sysparm_query=sys_created_on......).

What would be causing the Splunk REST API transactions where there are no parameters being passed? Is this normal? From what I understand, the transactions with parameters would be coming from Splunk, where our Splunk admin set up such a query.

Just trying to get a clearer picture on this part of the integration.

Thanks

(Image: SN Transaction Log)