TL;DR and I'm sorry. And desperate. So I am basically trying to get the system and application tables from ServiceNow into Splunk and was advised to use the Splunk Add-on for ServiceNow Note that this is not the Security Operations ServiceNow integration app. I have followed this documentation word for word but cannot establish a connection to either of the 2 ServiceNow tenants I am testing with. The addon implies it is a network or internet issue. Using the application logs at index=_internal sourcetype="ta_snow" the error message indicates it is either a proxy issue or a certificate issue. I see absolutely no requests in my proxy logs and no traffic to ServiceNow from the Splunk server I have installed the addon on (although other internet destined traffic is). I have attempted 1) using the cli to create the account connection and specify to disable certificate validation 2) added the Root CA of the ServiceNow tenant to the addon as advised at the bottom of the documentation I linked above. Still, I get the same errors. It is almost as if the addon is not recognizing any changes I make through the cli. Curious if anyone has successfully deployed this addon and if they had to do anything special certificate-wise, or if anyone has had issues creating accounts through the cli. I have left some of the error below Thanks in advance! 3-05-24 22:34:36,657 ERROR pid=73561 tid=MainThread file=splunk_ta_snow_account_validation.py:validate:154 | Unable to reach ServiceNow instance at https://derp.service-now.com. The reason for failure is=Traceback (most recent call last): File "/opt/splunk/etc/apps/Splunk_TA_snow/lib/urllib3/util/ssl_.py", line 402, in ssl_wrap_socket context.load_verify_locations(ca_certs, ca_cert_dir, ca_cert_data) PermissionError: [Errno 13] Permission denied During handling of the above exception, another exception occurred: Traceback (most recent call last): File "/opt/splunk/etc/apps/Splunk_TA_snow/lib/urllib3/connectionpool.py", line 700, in urlopen self._prepare_proxy(conn) File "/opt/splunk/etc/apps/Splunk_TA_snow/lib/urllib3/connectionpool.py", line 994, in _prepare_proxy conn.connect() File "/opt/splunk/etc/apps/Splunk_TA_snow/lib/urllib3/connection.py", line 424, in connect tls_in_tls=tls_in_tls, File "/opt/splunk/etc/apps/Splunk_TA_snow/lib/urllib3/util/ssl_.py", line 404, in ssl_wrap_socket raise SSLError(e) urllib3.exceptions.SSLError: [Errno 13] Permission denied During handling of the above exception, another exception occurred: Traceback (most recent call last): File "/opt/splunk/etc/apps/Splunk_TA_snow/lib/requests/adapters.py", line 499, in send timeout=timeout, File "/opt/splunk/etc/apps/Splunk_TA_snow/lib/urllib3/connectionpool.py", line 786, in urlopen method, url, error=e, _pool=self, _stacktrace=sys.exc_info()[2] File "/opt/splunk/etc/apps/Splunk_TA_snow/lib/urllib3/util/retry.py", line 592, in increment raise MaxRetryError(_pool, url, error or ResponseError(cause)) urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='derp.service-now.com', port=443): Max retries exceeded with url: /incident.do?JSONv2&sysparm_query=sys_updated_on%3E=2000-01-01+00:00:00&sysparm_record_count=1 (Caused by SSLError(PermissionError(13, 'Permission denied'))) During handling of the above exception, another exception occurred:
... View more