Installation
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How to create a servicenow Event & Incident without installing the plugins?

raja8220
New Member
‎10-03-2019 05:48 AM

I need to integrate the Splunk and servicenow without installing the plugin. My Servicenow Admin requesting me to send the below detail to REST API of servicenow event table.

And the below detail needs to send in JSON format and in the --additional_info field:

{
    "NodeName":  "XX",
    "NodeIPAddress":  "XX",
    "InterfaceName":  "XX",
    "InterfaceTransmit (%)":  "XX %",
    "InterfaceReceive (%)":  "XX%",
    "DateTime":  "XX",
    "AssignmentGroup":  "XX",
    "LocationID":  "XX"
}

How I can do this by simple SPL?

Labels (1)
Labels
0 Karma
Reply

raja8220
New Member
‎11-05-2019 07:15 AM

Without installing the plugin i need to create events in servicenow ??

Any way ??

0 Karma
Reply

ddelmont
Explorer
‎07-29-2020 01:44 PM

I have the same issue.  I have the plugin install, but it doesn't support the additional_info field they are asking me to populate.

I found the json_object and json_array commands that look like they will work to create the json blob. 

I still need to figure out how to make the API call to send the data over.

I'll post again if I figure that part out.

0 Karma
Reply

hkubavat_splunk
Splunk Employee
Splunk Employee
‎10-23-2019 04:28 AM

I think it's not possible. You need to install the Splunk plugin to create incidents and events from Splunk because Splunk hit the rest API to some intermediate tables created through that plugin and after that plugin create actual incidents and events in the ServiceNow.

0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎10-03-2019 08:25 AM

Download the ServiceNow plugin and look at how it does that. I believe you'll find it's not simple SPL.
Is there a reason why you can't install the app?

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply

raja8220
New Member
‎10-21-2019 07:57 AM

If the servicenow upgraded and in case the plugin not supported for new version then it will be a problem.

I have the REST API of servicenow to create a incident but i need to pass some JSON payload to generate.

I have tested POST REST API with postman with the body JSON am able to create incident but i cant call the same in splunk.

How can i add the POST body JSON payload in splunk ?

0 Karma
Reply
Get Updates on the Splunk Community!

Announcing Scheduled Export GA for Dashboard Studio

We're excited to announce the general availability of Scheduled Export for Dashboard Studio. Starting in ...

Extending Observability Content to Splunk Cloud

Watch Now!   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to leverage ...

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!

What if there was a way you could keep all the metrics data you need while saving on storage costs?This is now ...