Splunk® Supported Add-ons

Splunk Add-on for ServiceNow

Download manual as PDF

Download topic as PDF

Hardware and software requirements for the Splunk Add-on for ServiceNow

To install and configure the Splunk Add-on for ServiceNow, you must have an admin or sc_admin role.

Performing push integration with ServiceNow requires you to be an administrator or have the admin_all_objects capability in the Splunk platform. This requirement applies to custom commands and alert-triggered scripts.

ServiceNow setup requirements

The Splunk Add-on for ServiceNow supports versions Kingston, London and Madrid of ServiceNow.

ServiceNow account requirements for integration

The ServiceNow account that you use in the Splunk platform to connect with your ServiceNow instance requires specific permissions in ServiceNow for collecting data and for push integration. If you want to perform push integration from the Splunk platform to ServiceNow, see Configure ServiceNow to integrate with the Splunk platform. That topic includes instructions for configuring access control rules that allow the ServiceNow account to access the data and to perform push integration enabled by the add-on. If you are not using push integration, create an ACL that has read-only access to all database tables from which you want to collect data. Some of these database tables are restricted to administrators by default.

ServiceNow administrator access for setup

You must have an administrator account on your ServiceNow instance to set up integration with the Splunk platform, required for enabling users to create ServiceNow incidents and events from the Splunk platform.

ServiceNow Event Management plugin

You must have the Event Management plugin installed and enabled in your ServiceNow environment in order to use the event-related workflow actions included in this add-on, and to support event-related push integration with ServiceNow. To see which push integration features require the plugin, see About the commands, alert actions, and scripts available with the Splunk Add-on for ServiceNow. If you want to use these features, you must install and enable the Event Management plugin before you perform the steps in Configure ServiceNow to integrate with the Splunk platform.

Without the Event Management plugin, you can still use this add-on to pull data from ServiceNow and create and update incidents from the Splunk platform, but you cannot create events from the Splunk platform.

For more about the Event Management plugin, search for "Event Management" in the ServiceNow product documentation.

Splunk platform requirements

Because this add-on runs on the Splunk platform, all of the system requirements apply for the Splunk software that you use to run this add-on.

  • For Splunk Enterprise system requirements, see System Requirements in the Splunk Enterprise Installation Manual.
  • If you plan to run this add-on entirely in Splunk Cloud, there are no additional Splunk platform requirements.
  • For Splunk Light system requirements, see System Requirements in the Splunk Light Installation Manual.
  • If you are managing on-premises forwarders to get data into Splunk Cloud, see System Requirements in the Splunk Enterprise Installation Manual, which includes information about forwarders.

For information about installation locations and environments, see Install the Splunk Add-on for ServiceNow.

Release history for the Splunk Add-on for ServiceNow
Installation and configuration overview for the Splunk Add-on for ServiceNow

This documentation applies to the following versions of Splunk® Supported Add-ons: released

Was this documentation topic helpful?

Enter your email address, and someone from the documentation team will respond to you:

Please provide your comments here. Ask a question or make a suggestion.

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters