Splunk Add-on for ServiceNow: Splunk is not pulling Change Management data from ServiceNow

srikanth1213
Path Finder

Hi Splunksters,

We have this issue in our environment where Splunk is pulling correct Incident Data from ServiceNow, however it is unable to pull the Change ticket data from ServiceNow. It has stopped pulling data since 25 Aug 2016 when there was an issue from ServiceNow; that issue was fixed on 30 Aug 2016.

When I looked into ta_snow.log the only query it is trying to pull is below. I did try to refresh the connection between Splunk and ServiceNow but no luck. Is there something I am missing here? Kindly let me know.

2016-09-09 14:55:15,226 INFO 9200 - end https://itsm.dtcc.com/change_request.do?JSONv2&sysparm_query=sys_updated_on>=2017-03-09+15:17:49^ORD...

Regards
Srikanth.D

0 Karma
1 Solution

srikanth1213
Path Finder

Just thought of posting the fix.
To fix the issue we had to edit "change_request.sys_updated_on" in the location "E:\Program Files\Splunk\var\lib\splunk\modinputs" and change the date to the one from which we were missing the Change date, i.e. from 08/25/2016; as it was holding the future date, i.e. 2017-09-03, files were not getting indexed.
The issue was caused when the SNOW team had installed a plugin that generated bogus Change tickets with future timestamps.

0 Karma
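
Added example, not part of the original thread or of the add-on's code: a check over ta_snow.log that flags any table whose `sys_updated_on>=` lower bound is later than the time the request was logged, which is the symptom described in the fix above. The log layout is modelled on the line quoted in the question; the host `snow.example.com`, the function name and the one-day tolerance (to absorb a timezone offset between the log clock and ServiceNow timestamps) are assumptions.

```python
import re
from datetime import datetime, timedelta

# Layout assumed from the ta_snow.log line quoted in the question:
# "<date> <time>,<ms> ... https://<host>/<table>.do?...sys_updated_on>=<date>+<time>..."
LINE_RE = re.compile(
    r"^(?P<logged>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}),\d+ .*?"
    r"/(?P<table>\w+)\.do\?.*?"
    r"sys_updated_on>=(?P<since>\d{4}-\d{2}-\d{2}\+\d{2}:\d{2}:\d{2})"
)
FMT = "%Y-%m-%d %H:%M:%S"


def future_checkpoints(lines, tolerance=timedelta(days=1)):
    """Return (table, logged_at, query_lower_bound) for each request whose
    lower bound is more than `tolerance` ahead of the time it was logged."""
    findings = []
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue  # not a table query line
        logged = datetime.strptime(m["logged"], FMT)
        since = datetime.strptime(m["since"].replace("+", " "), FMT)
        if since - logged > tolerance:
            findings.append((m["table"], logged, since))
    return findings


# Constructed sample lines; the host is a placeholder and the query tail
# is left truncated as it is in the thread.
SAMPLE_LOG = [
    "2016-09-09 14:55:10,101 INFO 9200 - end https://snow.example.com/"
    "incident.do?JSONv2&sysparm_query=sys_updated_on>=2016-09-09+14:50:02^ORD...",
    "2016-09-09 14:55:15,226 INFO 9200 - end https://snow.example.com/"
    "change_request.do?JSONv2&sysparm_query=sys_updated_on>=2017-03-09+15:17:49^ORD...",
    "2016-09-09 14:55:16,000 INFO 9200 - unrelated line without a query",
]

if __name__ == "__main__":
    for table, logged, since in future_checkpoints(SAMPLE_LOG):
        ahead = (since - logged).days
        print(f"{table}: request logged {logged} asks for records updated "
              f"since {since} ({ahead} days ahead); checkpoint is in the future")
```

A table that shows up here will keep returning no rows until its checkpoint is moved back, because no legitimate record has an update time later than the stored value.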