Alerting
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Service Now Ticket Generation via Splunk Alerts

splunkit2010
Explorer
‎05-02-2012 06:27 AM

We are monitoring some PCI related systems for real-time system file changes.
If detected, we would like to fire off an email alert message, creating a ticket once that email is received.

Service Now is our help desk solution. Has anyone developed anything to address this type of situation?
Thanks!

Tags (1)
Reply

halr9000
Motivator
‎10-25-2013 10:48 AM

Check out this Splunk for ServiceNow app, which does provide the capability to create tickets based on a search results.

http://apps.splunk.com/app/1228/

0 Karma
Reply

dwaddle
SplunkTrust
SplunkTrust
‎05-02-2012 06:33 AM

I have no experience with Service Now, but alerts that fire an email are pretty simple. Assuming that your ticketing system has the ability to open a new ticket based on an email, you're set.

Personally, I might look into a more tight integration using a script fired as part of an alert and use the ticketing system's API to create a new ticket. This could give you more flexibility in how the ticket is made and what is put into it.

Reply

dwaddle
SplunkTrust
SplunkTrust
‎05-02-2012 07:58 AM

I think you've been given your answer, but it will require some work on your part. Splunk can call a script when an alert is triggered. That script can do anything you want it to do, including call a program that uses the ticketing system's API to submit a ticket. Splunk doesn't natively know about your ticketing system's API, and your ticketing system's API knows nothing of Splunk. But, your script can provide the glue between them. If you don't have programming skills, then this will be more difficult, and you should consult with someone who has the programming skills to help do this.

Reply

santosh_sshanbh
Path Finder
‎02-06-2019 03:09 AM

What kind of programming skills would be required for this? Can you please guide me on what type of script can be written to create incident in SNOW and also how the data can be passed to the script via Alert as when I got to edit alert action and add a new action of Run a script, I can only mention the path of the script.

Any detailed steps in this would help me.

0 Karma
Reply

splunkit2010
Explorer
‎05-02-2012 06:47 AM

I checked with support and received:
"Splunk can trigger alerts, and while natively we can't just interface with an API out of the box, you're certainly welcome to write a script and call that script as an alert action to one of your saved searches. This would be a function of your operating system."

From our Helpdesk folks I received:
"My first questions is can the system alerting utilize API calls to create the incidents? This is the preferred method. However, if e-mail is the only method, then in the e-mail generated, you would need to have value pairs to properly populate the fields."

0 Karma
Reply
Get Updates on the Splunk Community!

Detecting Remote Code Executions With the Splunk Threat Research Team

REGISTER NOWRemote code execution (RCE) vulnerabilities pose a significant risk to organizations. If ...

Observability | Use Synthetic Monitoring for Website Metadata Verification

If you are on Splunk Observability Cloud, you may already have Synthetic Monitoringin your observability ...

More Ways To Control Your Costs With Archived Metrics | Register for Tech Talk

Tuesday, May 14, 2024  |  11AM PT / 2PM ET Register to Attend Join us for this Tech Talk and learn how to ...