Splunk® Supported Add-ons

Splunk Add-on for ServiceNow

Source types for the Splunk Add-on for ServiceNow

The Splunk Add-on for ServiceNow provides the index-time and search-time knowledge for any database table exposed by ServiceNow REST APIs. When the add-on collects a ServiceNow database table, the add-on assigns a source type for the events, using the schema snow:database_table_name.

The inputs.conf provides the following preconfigured inputs, which are disabled by default. Enable these data inputs in Splunk Web, or manually edit local/inputs.conf by adding disabled=false for each input. For more information, see Configure inputs for the Splunk Add-on for ServiceNow.

Click on the links in the CIM data model column to navigate to the Common information model add-on documentation.

For more information about the ServiceNow database tables, search for "Tables and Classes" in the ServiceNow product documentation.

The search-time source type renaming is for backwards compatibility with data ingested by older versions of the Splunk Add-on for ServiceNow.

Database table name Source Type Search-time renaming CIM data models
change_request snow:change_request None Ticket Management
change_task snow:change_task None Ticket Management
cmdb snow:cmdb None N/A
cmdb_ci_app_server snow:cmdb_ci_app_server None N/A
cmdb_ci_db_instance snow:cmdb_ci_db_instance None N/A
cmdb_ci_infra_service snow:cmdb_ci_infra_service None N/A
cmdb_ci snow:cmdb_ci snow:cmdb_ci_list N/A
cmdb_ci_server snow:cmdb_ci_server None N/A
cmdb_ci_service snow:cmdb_ci_service None N/A
cmdb_ci_vm snow:cmdb_ci_vm None N/A
cmdb_rel_ci snow:cmdb_rel_ci None N/A
cmn_location snow:cmn_location snow:cmn_location_list N/A
em_event snow:em_event None N/A
incident snow:incident None Ticket Management
problem snow:problem None Ticket Management
sys_audit snow:sys_audit None N/A
sys_audit_delete snow:sys_audit_delete None N/A
sys_choice snow:sys_choice snow:sys_choice_list N/A
sys_user_group snow:sys_user_group snow:sys_user_group_list N/A
sys_user snow:sys_user snow:sys_user_list N/A
sysevent snow:sysevent None N/A
syslog_transaction snow:syslog_transaction None N/A

Deprecated tables

The following sourcetype is deprecated:

Deprecated tables Source type
syslog snow:syslog Supported for backwards compatibility only. For best performance, disable data collection from this deprecated table and collect from sysevent instead.
Last modified on 11 December, 2024
Splunk Add-on for ServiceNow   Release notes for the Splunk Add-on for ServiceNow

This documentation applies to the following versions of Splunk® Supported Add-ons: released, released


Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters