In Splunk Add-on for ServiceNow, we have ServiceNow incident integration alerts to create incidents.
In addition to the field provided to add incidents like "co-relation id","Assignment group", can we add more fields to the same like
Description and Caller id?
Hopefully Splunk will add this functionality soon. In the meantime I have created some documentation on how to do this process here: https://answers.splunk.com/answers/736869/servicenow-how-do-set-extra-custom-fields-when-cre.html
@ChrisBell04 did you get any answer or solution for this request..as i am facing the same
Nope.
Enhancement requests have been logged for Splunk development. Feel free to create your own support requests and reference those two tickets, so it shows other customers want these features sooner than later.
Enhancement request ADDON-17893 has been filed to add the Description field to incident creation.
There is a lot of data that we would like to update via the SNOW integration with Splunk as we create tickets. As it stands, they're quite sparse. We would love to be able to add additional information to minimize the amount of work that a human has to put into the ticket.
The value of the integration is lacking as it stands.
We ingest what the the Servicenow REST endpoint exposes. This is the call we make
https://.service-now.com/.do?JSONv2&sysparm_query=sys_created_on>=2016-01-01+00:00:00^ORDERBYsys_created_on&sysparm_record_count=50 mysinstance.service-now.com
at the end we are limited to what SNOW exposes. check with your admin, if there is a way to add more fields.
@chrisbell04
We want to raise SNOW incidents from Splunk ES. We want to send the urgency and severity fields to SNOW, but the alert action doesnt have these fields. And it sends these values as default to SNOW. Is there any way to make other fields visible?We are using 2.9.1 version of Snow Add On, and upgrading to 3.1 within next 2 weeks
Hi ehadded,
https://.service-now.com/.do?JSONv2&sysparm_query=sys_created_on>=2016-01-01+00:00:00^ORDERBYsys_created_on&sysparm_record_count=50 mysinstance.service-now.com
above the urls are not opening.
Thanks and Regards,
Vignesh
@ehaddad [Splunk]
That .do?JSONv2 REST endpoint is very old (CALGARY & DUBLIN releases per \Splunk_TA_snow\bin\snow_ticket.py). Any of the modern REST endpoints use the Table API (api/now/table/). That being all said, caller_id is a standard field which has been around for years and should be supported by this addon.
I'd really rather not have to hack the various Python scripts to get this feature supported...
caller_id aka Requester has been logged as enhancement request SNOWAPP200.