
Installing a forwarder on ServiceNow

jclehmuth
Path Finder

I have been tasked to "integrate" ServiceNow with a Splunk instance. We have a server where Splunk is installed and there is a separate machine where ServiceNow is installed. The people that are requesting this want to use the ServiceNow app. I have no experience with ServiceNow. I installed a universal forwarder on the ServiceNow server. So I have a couple questions...
Does the app still work with a forwarder? Or should I install a regular Splunk instance on the ServiceNow server and forward it to my regular search head?

Thanks in advance.

0 Karma

philparker
Engager

Hi,

We have just built just that and so much more. SkyFormation Extend (c) for Splunk extracts security events from multiple business cloud applications (e.g. Salesforce, Google App, ServiceNow, Office 365, AWS, ...) and transforms them to unified and actionable events sent to your Splunk or other SIEM solution.

No more cloud applications integration or classification worries, and all in unified form for easiest correlations and investigation across apps.

SkyFormation is a Java app you can install on-premise on any machine you want, and it will take you 5 minutes to set it up.

Please have a look at:
https://splunkbase.splunk.com/app/2932/

Feel more than welcome to ask me any question at support@skyformation.com

Best
Phil
www.skyformation.com

piebob
Splunk Employee

The Splunk for ServiceNow add-on is just a custom search command ("snow") for your users to use.

You should install the add-on on the Splunk host your users are using for searching (if they're using a search head, install it there), and install the universal forwarder on the ServiceNow server (as you've done) and forward the ServiceNow logs to your main Splunk instance.

Unrelated, but there are some notes in the Documentation tab for the ServiceNow add-on that might be useful for your users:
http://apps.splunk.com/app/1228/

0 Karma