I struggled with the same problem for AGES. No proxy. First of all, our SN API wasn't correctly set up. Once we got that set up, I was able to query:
https://MYCOMPANY.service-now.com/sys_journal_field.do?JSONv2&sysparm_query=sys_updated_on%3E=2000-01-01+00:00:00^ORDERBYsys_updated_on&sysparm_record_count=50
but kept getting the red ribbon giving the error messages in the SN add-on. Had Splunk specially send me v2.8 of the add-on to try, it gave me this error with https:
Encountered the following error while trying to update: Splunkd daemon is not responding: (u"Error connecting to /servicesNS/nobody/Splunk_TA_snow/apps/local/Splunk_TA_snow/setup: ('The read operation timed out',)",)
and this with http:
Encountered the following error while trying to update: In handler 'localapps': Error while posting to url=/servicesNS/nobody/Splunk_TA_snow/service_now_setup/snow_proxy/snow_proxy
I also tried v3.1, which only lets you do https, with the same error. Eventually I got it working with 3.1 by doing this:
*Verified my API was queryable correctly
*Logged into Splunk with the default admin account instead of my account (even though both have the same admin roles/all permissions)
*Set up add-on v3.1, got the error
*Installed SN app
*Restarted Splunk
*Tried to set up add-on again with error message
Then I looked at my indexes and the SN indexes were there and receiving data. I'm not sure what fixed it, be it the reboot, or having the app installed as well (which shouldn't make any sense), or what. But bottom line, you're probably going to get a red error message regardless if the setup worked or not. Pretty sure even though it doesn't tell you to, you need to reboot after getting the error message, and that does the trick
... View more