Splunk® Supported Add-ons

Splunk Add-on for ServiceNow

Install the Splunk Add-on for ServiceNow

  1. Get the Splunk Add-on for ServiceNow by downloading it from Splunkbase or browsing to it using the app browser within Splunk Web.
  2. Use the tables on this page to determine where and how to install this add-on in your deployment.
  3. Perform any prerequisite steps before installing.
  4. Complete your installation.

If you need step-by-step instructions on how to install an add-on in your specific deployment environment, see the installation walkthroughs section at the bottom of this page for links to installation instructions specific to a single-instance deployment, distributed deployment, Splunk Cloud, or Splunk Light.

Distributed deployments

Use the following tables to determine where and how to install this add-on in a distributed deployment of Splunk Enterprise or any deployment for which you are using forwarders to get your data in. Depending on your environment, your preferences, and the requirements of the add-on, you may need to install the add-on in multiple places.

Where to install this add-on

Unless otherwise noted, all supported add-ons can be safely installed to all tiers of a distributed Splunk platform deployment. See Where to install Splunk add-ons in Splunk Add-ons for more information.

Splunk platform instance type Supported Required Actions required/Comments
Search Heads Yes Yes Install this add-on to all search heads where ServiceNow knowledge management is required.

This add-on contains optional search-time interactions. If you want Splunk platform users to be able to create incidents or events in ServiceNow from the Splunk platform, make the following changes to the add-on package and perform the add-on setup on the search heads to configure your ServiceNow credentials:

  • Add stanzas to your inputs.conf file, using the inputs.conf.spec file in the $SPLUNK_HOME/etc/apps/Splunk_TA_snow/README folder of the add-on package as a reference.


Indexers Yes No Not required, because the parsing operations occur on the heavy forwarders.
Heavy Forwarders Yes Yes This add-on supports only heavy forwarders for data collection.
Universal Forwarders No No

Distributed deployment feature compatibility

This table describes the compatibility of this add-on with Splunk distributed deployment features.

Distributed deployment feature Supported Actions required
Search Head Clusters Yes You can install this add-on on a search head cluster for all search-time functionality, but configure inputs on forwarders to avoid duplicate data collection.
If you want Splunk platform users to be able to create incidents or events in ServiceNow from the Splunk platform, make the following changes to the add-on package and perform the add-on setup on the search heads to configure your ServiceNow credentials:

1. Add the inputs.conf.spec file in the $SPLUNK_HOME/etc/apps/Splunk_TA_snow/README folder of the add-on package.

Indexer Clusters Yes Before installing this add-on to a cluster, make the following changes to the add-on package:
1. Remove the inputs.conf file.
Deployment Server No Supported for deploying unconfigured add-ons only.
  • Using a deployment server to deploy the configured add-on to multiple forwarders acting as data collectors causes duplication of data.
  • The add-on uses the credential vault to secure your credentials, and this credential management solution is incompatible with the deployment server.

Installation walkthroughs

The Splunk Add-Ons manual includes an Installing add-ons guide that helps you successfully install any Splunk-supported add-on to your Splunk platform.

For a walkthrough of the installation procedure, follow the link that matches your deployment scenario:

Last modified on 26 November, 2024
Installation and configuration overview for the Splunk Add-on for ServiceNow   Upgrade the Splunk Add-on for ServiceNow

This documentation applies to the following versions of Splunk® Supported Add-ons: released, released


Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters