Splunk Dev
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Getting error while adding ServiceNow incident through Splunk add-on: "Failed to create ticket..."

smitra_cis
Observer
‎07-21-2020 04:10 PM

Hello 

I am getting the following error while inserting the incident in ServiceNow through Splunk Add-On (while the connectivity between Splunk and ServiceNow is established, able to retrieve the incidents in Splunk)

command="snowincidentstream", Failed to create ticket. Return code is 400 (Bad Request). One of the possible causes of failure is absence of event management plugin or Splunk Integration plugin on the ServiceNow instance. To fix the issue install the plugin(s) on ServiceNow instance.

Search

source="cpu_data_updated_1.csv" |where CPU___Usage >= 47|eval contact_type="email"
| eval account="splunk_snow_dev"
| eval contact_type="email"
| eval custom_fields="u_affected_user=nobody||u_caller_id=12345"
| eval ci_identifier=host
| eval priority=1 | eval category="Software"
| eval subcategory="database"
| eval short_description="CPU on ". host ." is at ". CPU___Usage
| table account, category, subcategory, short_description, contact_type, custom_fields, ci_identifier, priority |snowincidentstream

------------

Getting this even after installing both the plugins and following the instructions in the link: - https://docs.splunk.com/Documentation/AddOns/released/ServiceNow/ConfigureServiceNowtointegratewithS...

Regards

Labels (1)
Labels
Tags (3)
0 Karma
Reply

kdroddy
Explorer
‎07-25-2020 10:29 AM

Hello,

When you go to ServiceNow, under "Installation Checklist":

kdroddy_0-1595698120857.png

Are the appropriate steps list as "Complete" under "Task Status"?

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

 Are you tired of troubleshooting delays caused by siloed frontend, application, and network data? We've got a ...

Splunk Observability for AI

Don’t miss out on an exciting Tech Talk on Splunk Observability for AI!Discover how Splunk’s agentic AI ...

🔐 Trust at Every Hop: How mTLS in Splunk Enterprise 10.0 Makes Security Simpler

From Idea to Implementation: Why Splunk Built mTLS into Splunk Enterprise 10.0  mTLS wasn’t just a checkbox ...