I've just loaded Splunk for ServiceNow and it's working fine. I can run queries and get data.
I do have one question. I'd like to run a search and collect data based on time stamps between 2 dates. I was trying to use "_encoded query" and although that filter function works fine, I can't figure out the format of the date inputs.
As an example, the search below works great;
|snow instance=<sn instance> request=<sn table name> action=query __encoded_query="name=<criteria 1>^ORname=<criteria 2>" | table sys_created_on, name, parm_A, param_B
But when I try to add a date parameter, nothing works;
|snow instance=<sn instance> request=<sn table name> action=query __encoded_query="name=<criteria 1>^ORname=<criteria 2>;sys_created_on>2014-04-18 13:15:00" | table sys_created_on, name, parm_A, param_B
I assume this is a ServiceNow issue but I'm looking for help configuring a Splunk search string.
~Ed
I ~think~ I got this one. I changed the search to the following;
|snow instance=<sn instance> request=<sn table name> action=query __encoded_query="name=<criteria 1>^ORname=<criteria 2>^sys_created_on > 2014-04-18 16:16:00" | table sys_created_on, name, parm1, parm2
And this seemed to work.
I ~think~ I got this one. I changed the search to the following;
|snow instance=<sn instance> request=<sn table name> action=query __encoded_query="name=<criteria 1>^ORname=<criteria 2>^sys_created_on > 2014-04-18 16:16:00" | table sys_created_on, name, parm1, parm2
And this seemed to work.