Related Answers
Download topic as PDF
Release notes for the Splunk Add-on for ServiceNow
Version 7.7.0 of the Splunk Add-on for ServiceNow was released on December 8, 2023.
Compatibility
Version 7.7.0 of the Splunk Add-on for ServiceNow is compatible with the following software, CIM versions, and platforms:
| Splunk platform versions | 8.1.x, 8.2.x, 9.0.x, 9.1.x |
| CIM | 5.1.0 |
| Supported OS for data collection | Platform Independent |
| Vendor products | ServiceNow Quebec, Rome, San Diego, Tokyo, Utah, and Vancouver |
Splunk has reviewed and updated the field aliases in this add-on for compatibility with the new field alias behavior change available from Splunk v7.3.4 and above.
For more information about the field alias configuration change, refer to the Splunk Enterprise Release Notes.
New features
Version 7.7.0 of the Splunk Add-on for ServiceNow includes the following new features:
- Added support for ServiceNow Vancouver.
Version 6.3.0 and above of the Splunk Add-on for ServiceNow deprecates support for events fetched through the display_value = false (extractions and Common Information Model (CIM) mappings) setting. The best practice is to set display_value to all in your deployment going forward and to revert the extractions in your props.conf accordingly. For more information, see the Edit the display values for the ServiceNow API section of the Upgrade topic in this manual.
From the ServiceNow add-on release 7.2.1 onward, we have removed the support of HTTP_NO_TUNNEL and SOCKS4 proxy. We recommend using an HTTP or SOCKS5 proxy instead.
Fixed issues
Version 7.7.0 of the Splunk Add-on for ServiceNow has the following, if any, fixed issues. If no issues appear below, no issues have yet been reported:
Known issues
Version 7.7.0 of the Splunk Add-on for ServiceNow has the following known issues. If no issues appear below, no issues have yet been reported:
| Date filed | Issue number | Description |
|---|---|---|
| 2023-07-18 | ADDON-63502 | Service Now TA Integration not returning Incident value to ITSI : returning SPL instead of INC prefix when passing Default endpoint arguments Workaround: Remove the default value (/api/now/table/x_splu2_splunk_ser_u_splunk_incident) from the scripted_endpoint textbox. |
| 2022-09-13 | ADDON-55704 | Data miss due to active updation of records during data collection |
| 2021-03-06 | ADDON-34668 | ITSI ServiceNow TA passing timestamp in wrong format Workaround: 1. From the ServiceNow interface, select Transform Maps under the System Import Sets -> Administration section and search for "Splunk Incident Transformation" under the Name column. 2. Click on the Splunk Incident Transformation transform map then scroll down under "Field Maps" till you find "sys_created_on" under the "Source Field" column. Note: In some of the ServiceNow versions (eg. San Diego), it has been observed that UI is rendering the date format with 'HH' time stamp even though 'hh' is there in the backend. So to fix this type of issue open the transform mapping of 'sys_created_on' and remove the date format value whichever is present and re-update that with "yyyy-MM-dd HH:mm:ss" value. |
| 2019-09-10 | ADDON-23239 | Getting ERROR exception logs in splunkd.log for Inputs Page |
Third-party software attributions
Some of the components included in this add-on are licensed under free or open source licenses. We wish to thank the contributors to those projects.
A complete listing of third-party software information for this add-on is available as a document file for download:
Splunk Add-on for ServiceNow third-party software credits.
|
PREVIOUS Source types for the Splunk Add-on for ServiceNow |
NEXT Release history for the Splunk Add-on for ServiceNow |
This documentation applies to the following versions of Splunk® Supported Add-ons: released, released
Feedback submitted, thanks!