Why do we need a ServiceNow add-on on a search head?

ips_mandar
Builder

Hi,

I will be configuring ServiceNow in a Splunk distributed cloud environment. I have gone through the documentation and still have a few questions:

  1. Why do we need the ServiceNow add-on on the search head as well? Is it not possible to have the add-on on the heavy forwarder alone and the ServiceNow app on the search head...
  2. I am also using the OMS app on the heavy forwarders, which connect and receive input from port 443, so can I also receive ServiceNow data on the forwarder using the same port 443?
  3. The Splunk ServiceNow add-on is for input setup and the ServiceNow app is for dashboards, i.e. data to be visualized. Is my understanding correct?

aivarson_splunk
Splunk Employee
  1. The Add-ons contain lookups and field extractions that happen at search time. If you have it at the Heavy Forwarder layer it will handle the inputs (data onboarding) and some index time field extractions but won't do the search time extractions or lookups.
  2. You don't need to specify a port on Splunk to use. It's a REST API input. That is a pull from your ServiceNow system so it's whatever port (likely 443) that your ServiceNow site uses. Just follow the instructions from our add-on and you should be good. http://docs.splunk.com/Documentation/AddOns/released/ServiceNow/About
  3. That is a correct statement for most Add-on vs App discussions. Some add-ons like this one will also do a little more than just inputs. This add-on also contains lookups to convert any cryptic field values to human readable text and do the field extractions which make the dashboards populate nicely. The Add-on also contains a few pre-built panels if you want to build your own dashboards and it contains some alert actions if you want to send data back to ServiceNow.

ips_mandar
Builder

Thank you so much @aivarson_splunk
Yes, I want to send data back to ServiceNow, and that can happen through the ServiceNow add-on (on the SH), correct?
Can you please suggest a port for collecting ServiceNow data on the heavy forwarder?

aivarson_splunk
Splunk Employee

Is this your own Splunk running in the cloud or SplunkCloud (our SaaS product)? If it is your Splunk in the cloud (Bring your own license) then you can do it from the SH. If it is our SplunkCloud the current solution is to configure an on-premise Search Head and put it in Hybrid Search Mode to perform your alert actions.

Correction to #2 above. You don't need to specify a port on Splunk to use. It's a REST API input. That is a pull from your ServiceNow system so it's whatever port (likely 443) that your ServiceNow site uses. Just follow the instructions from our add-on and you should be good. http://docs.splunk.com/Documentation/AddOns/released/ServiceNow/About

ips_mandar
Builder

I am using virtual machines (Windows OS) on Azure cloud where Splunk is installed.
Thanks.
