Sending Splunk Alert to SNOW and automatically cr...

spl_unker · ‎09-07-2020

Hello Splunkers ,

I want to like to integrate Splunk and ServiceNow and send the triggered alerts to SNOW as an incident. I know there is an app in Splunkbase to integrate with SNOW. But i dont find the steps on how to configure to send the alerts as an incident in SNOW.

Can someone help me with the high level steps?

Thanks in Advance

thambisetty · ‎09-08-2020

Latest version of splunk add-on for servicenow is 6.0.3

okay, follow below steps:

configure your servicenow instance with app recommended in add-on doc.
once servicenow instance is configured, you will get URL and credentials.
install TA on search head
Configure URL and credentials in TA.
create a search and save it as alert.
add alert action incident create from servicenow
fill details

if you found this useful, up vote.

————————————
If this helps, give a like below.

thambisetty · ‎09-07-2020

do you have enterprise security in place ?

which version of Splunk add-on for service now are you using?

————————————
If this helps, give a like below.

spl_unker · ‎09-07-2020

No , I have a Non-ES Splunk. Im yet to install the SNOW add-on . Just exploring the steps before installing the SNOW. However i will be using the latest version 4.0.3.

Sending Splunk Alert to SNOW and automatically create an incident ticket

alert action

Archived Metrics Now Available for APAC and EMEA realms

Detecting Remote Code Executions With the Splunk Threat Research Team

Enter the Dashboard Challenge and Watch the .conf24 Global Broadcast!