Splunk® Supported Add-ons

Splunk Add-on for ServiceNow

Hardware and software requirements for the Splunk Add-on for ServiceNow

To install and configure the Splunk Add-on for ServiceNow, you must have an admin or sc_admin role. To perform push integration with ServiceNow, you must be an administrator or have the admin_all_objects capability in the Splunk platform. This requirement applies to custom commands and alert-triggered scripts.

ServiceNow setup requirements

See the following hardware and software requirements for ingesting data into your Splunk platform deployment from your ServiceNow instance. See the release notes of this manual to learn about supported versions of ServiceNow.

ServiceNow account requirements for integration

You must configure permissions in your ServiceNow account to collect data and for push integration. To set up push integration from the Splunk platform to ServiceNow, see Configure ServiceNow to integrate with the Splunk platform, which includes instructions for configuring access control rules that allow the ServiceNow account to access the data and to perform push integration enabled by the add-on.

If you do not use push integration, create an ACL that has read-only access to all database tables from which you want to collect data. Some of these database tables are restricted to administrators by default.

ServiceNow administrator access for setup

You must have an administrator account on your ServiceNow instance to set up integration with the Splunk platform. This is required to enable users to create ServiceNow incidents and events from the Splunk platform.

ServiceNow Event Management plugin

You must install and enable the Event Management plugin in your ServiceNow environment to:

  • Use the event-related workflow actions included in this add-on.
  • Support event-related push integration with ServiceNow.

To see which push integration features require the plugin, see About the commands, alert actions, and scripts available with the Splunk Add-on for ServiceNow. Install and enable the Event Management plugin before you perform the steps in Configure ServiceNow to integrate with the Splunk platform.

Without the Event Management plugin, you can use this add-on to pull data from ServiceNow and create and update incidents from the Splunk platform. You cannot create events from the Splunk platform without the Event Management plugin.

For more about the Event Management plugin, search for "Event Management" in the ServiceNow product documentation.

ServiceNow Oauth setup requirements

The Splunk Add-on for ServiceNow supports Oauth 2.0 communication between your ServiceNow instance and your Splunk platform deployment.

  1. Install and activate the Oauth plugin on your ServiceNow instance to use the feature of OAuth 2.0 from Splunk Add-on for ServiceNow.
  2. Verify the property com.snc.platform.security.oauth.is.active is set to true.

See Configure ServiceNow to integrate with the Splunk platform for detailed Oauth application registry setup at ServiceNow.

Splunk platform requirements

Because this add-on runs on the Splunk platform, all of the system requirements apply for the Splunk software that you use to run this add-on.

  • For Splunk Enterprise system requirements, see System Requirements in the Splunk Enterprise Installation Manual.
  • To run this add-on entirely in Splunk Cloud, there are no additional Splunk platform requirements.
  • For Splunk Light system requirements, see System Requirements in the Splunk Light Installation Manual.
  • To manage on-premises forwarders to get data into Splunk Cloud, see System Requirements in the Splunk Enterprise Installation Manual.

For information about installation locations and environments, see Install the Splunk Add-on for ServiceNow.

Last modified on 26 November, 2024
Release history for the Splunk Add-on for ServiceNow   Installation and configuration overview for the Splunk Add-on for ServiceNow

This documentation applies to the following versions of Splunk® Supported Add-ons: released, released


Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters