All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Splunk to Servicenow integration via Email

swatghare
Path Finder
‎11-17-2017 01:22 AM

Hello
We are trying to integrate Splunk (with Enterprise Security) with ServiceNow and we cannot use direct integration due to below points:
1. ServiceNow is using Jakarta version which we do not see currently being supported by Splunk
2. ServiceNow team is not ready to install Splunk plugin in their environment due to some techinical issues

So we are trying to achieve the integration by sending ES Splunk Alert as Email and then Email inputs will be mapped with ServiceNow.
We need help/information if we can get same fields / inputs from ES Correlation search into an Email so as to ticket in servicenow.

If someone have tried earlier then please help me to get this integration working by getting same fields and inputs as we received through direct integration.

Regards
Sushant

Tags (1)
0 Karma
Reply

nickhills
Ultra Champion
‎11-23-2017 08:31 AM

Not that it helps you directly, but Splunk_TA_snow 3.0 which supports Jakarta was released a few days ago.
You could try a bit more arm-twisting?

If my comment helps, please give it a thumbs up!
0 Karma
Reply

koshyk
Super Champion
‎11-17-2017 03:24 AM

are you using servicenow saas? They should be able to easily upgrade. Also there is Service Now SecOps app to do it too: https://docs.servicenow.com/bundle/istanbul-security-management/page/product/splunk-integration/conc...

0 Karma
Reply

swatghare
Path Finder
‎11-23-2017 03:33 AM

They cannot upgrade, as it is shared between many customer (shared SNOW) , so no plug in installation is possible. This is the reason we are trying Email Integration , but normal email integration have limited data it do not populate the data as done by pre-built apps in Splunk/SNOW.

Do anyone have any script which can convert the ES Correlation Search into XML and feed into ServiceNow

0 Karma
Reply
Get Updates on the Splunk Community!

Get Your Exclusive Splunk Certified Cybersecurity Defense Engineer at Splunk .conf24 ...

We’re excited to announce a new Splunk certification exam being released at .conf24! If you’re headed to Vegas ...

Share Your Ideas & Meet the Lantern team at .Conf! Plus All of This Month’s New ...

Splunk Lantern is Splunk’s customer success center that provides advice from Splunk experts on valuable data ...

Combine Multiline Logs into a Single Event with SOCK: a Step-by-Step Guide for ...

Combine multiline logs into a single event with SOCK - a step-by-step guide for newbies Olga Malita The ...