Source types for the Splunk Add-on for ServiceNow
The Splunk Add-on for ServiceNow provides the index-time and search-time knowledge for any database table exposed by ServiceNow REST APIs. When the add-on collects a ServiceNow database table, the add-on assigns a source type for the events, using the schema snow:database_table_name
.
The inputs.conf
provides the following preconfigured inputs, which are disabled by default. Enable these data inputs in Splunk Web, or manually edit local/inputs.conf
by adding disabled=false
for each input. For more information, see Configure inputs for the Splunk Add-on for ServiceNow.
Click on the links in the CIM data model column to navigate to the Common information model add-on documentation.
For more information about the ServiceNow database tables, search for "Tables and Classes" in the ServiceNow product documentation.
The search-time source type renaming is for backwards compatibility with data ingested by older versions of the Splunk Add-on for ServiceNow.
Database table name | Source Type | Search-time renaming | CIM data models |
---|---|---|---|
change_request
|
snow:change_request
|
None | Ticket Management |
change_task
|
snow:change_task
|
None | Ticket Management |
cmdb
|
snow:cmdb
|
None | N/A |
cmdb_ci_app_server
|
snow:cmdb_ci_app_server
|
None | N/A |
cmdb_ci_db_instance
|
snow:cmdb_ci_db_instance
|
None | N/A |
cmdb_ci_infra_service
|
snow:cmdb_ci_infra_service
|
None | N/A |
cmdb_ci
|
snow:cmdb_ci
|
snow:cmdb_ci_list
|
N/A |
cmdb_ci_server
|
snow:cmdb_ci_server
|
None | N/A |
cmdb_ci_service
|
snow:cmdb_ci_service
|
None | N/A |
cmdb_ci_vm
|
snow:cmdb_ci_vm
|
None | N/A |
cmdb_rel_ci
|
snow:cmdb_rel_ci
|
None | N/A |
cmn_location
|
snow:cmn_location
|
snow:cmn_location_list
|
N/A |
em_event
|
snow:em_event
|
None | N/A |
incident
|
snow:incident
|
None | Ticket Management |
problem
|
snow:problem
|
None | Ticket Management |
sys_audit
|
snow:sys_audit
|
None | N/A |
sys_audit_delete
|
snow:sys_audit_delete
|
None | N/A |
sys_choice
|
snow:sys_choice
|
snow:sys_choice_list
|
N/A |
sys_user_group
|
snow:sys_user_group
|
snow:sys_user_group_list
|
N/A |
sys_user
|
snow:sys_user
|
snow:sys_user_list
|
N/A |
sysevent
|
snow:sysevent
|
None | N/A |
syslog_transaction
|
snow:syslog_transaction
|
None | N/A |
Deprecated tables
The following sourcetype is deprecated:
Deprecated tables | Source type | ||
---|---|---|---|
syslog
|
snow:syslog
|
Supported for backwards compatibility only. For best performance, disable data collection from this deprecated table and collect from sysevent instead.
|
Splunk Add-on for ServiceNow | Release notes for the Splunk Add-on for ServiceNow |
This documentation applies to the following versions of Splunk® Supported Add-ons: released, released
Feedback submitted, thanks!