Release notes for the Splunk Add-on for ServiceNow
Version 7.7.0 of the Splunk Add-on for ServiceNow was released on December 8, 2023.
Version 7.7.0 of the Splunk Add-on for ServiceNow is compatible with the following software, CIM versions, and platforms:
|Splunk platform versions
|8.1.x, 8.2.x, 9.0.x, 9.1.x
|Supported OS for data collection
|ServiceNow Quebec, Rome, San Diego, Tokyo, Utah, and Vancouver
Splunk has reviewed and updated the field aliases in this add-on for compatibility with the new field alias behavior change available from Splunk v7.3.4 and above.
For more information about the field alias configuration change, refer to the Splunk Enterprise Release Notes.
Version 7.7.0 of the Splunk Add-on for ServiceNow includes the following new features:
- Added support for ServiceNow Vancouver.
Version 6.3.0 and above of the Splunk Add-on for ServiceNow deprecates support for events fetched through the
display_value = false (extractions and Common Information Model (CIM) mappings) setting. The best practice is to set
all in your deployment going forward and to revert the extractions in your
props.conf accordingly. For more information, see the Edit the display values for the ServiceNow API section of the Upgrade topic in this manual.
From the ServiceNow add-on release 7.2.1 onward, we have removed the support of HTTP_NO_TUNNEL and SOCKS4 proxy. We recommend using an HTTP or SOCKS5 proxy instead.
Version 7.7.0 of the Splunk Add-on for ServiceNow has the following, if any, fixed issues. If no issues appear below, no issues have yet been reported:
Version 7.7.0 of the Splunk Add-on for ServiceNow has the following known issues. If no issues appear below, no issues have yet been reported:
|Service Now TA Integration not returning Incident value to ITSI : returning SPL instead of INC prefix when passing Default endpoint arguments
Remove the default value (/api/now/table/x_splu2_splunk_ser_u_splunk_incident) from the scripted_endpoint textbox.
|Data miss due to active updation of records during data collection
|ITSI ServiceNow TA passing timestamp in wrong format
1. From the ServiceNow interface, select Transform Maps under the System Import Sets -> Administration section and search for "Splunk Incident Transformation" under the Name column.
2. Click on the Splunk Incident Transformation transform map then scroll down under "Field Maps" till you find "sys_created_on" under the "Source Field" column.
Note: In some of the ServiceNow versions (eg. San Diego), it has been observed that UI is rendering the date format with 'HH' time stamp even though 'hh' is there in the backend. So to fix this type of issue open the transform mapping of 'sys_created_on' and remove the date format value whichever is present and re-update that with "yyyy-MM-dd HH:mm:ss" value.
|Getting ERROR exception logs in splunkd.log for Inputs Page
Third-party software attributions
Some of the components included in this add-on are licensed under free or open source licenses. We wish to thank the contributors to those projects.
A complete listing of third-party software information for this add-on is available as a document file for download:
Splunk Add-on for ServiceNow third-party software credits.
Source types for the Splunk Add-on for ServiceNow
Release history for the Splunk Add-on for ServiceNow
This documentation applies to the following versions of Splunk® Supported Add-ons: released, released