Splunk® Supported Add-ons

Splunk Add-on for ServiceNow

Acrobat logo Download manual as PDF


Acrobat logo Download topic as PDF

Release notes for the Splunk Add-on for ServiceNow

Version 7.3.0 of the Splunk Add-on for ServiceNow was released on May 11, 2022.

Compatibility

Version 7.3.0 of the Splunk Add-on for ServiceNow is compatible with the following software, CIM versions, and platforms:

Splunk platform versions 8.1.x, 8.2.x
CIM 5.0.1
Supported OS for data collection Platform Independent
Vendor products ServiceNow Quebec, Rome and San Diego

Splunk has reviewed and updated the field aliases in this add-on for compatibility with the new field alias behavior change available from Splunk v7.3.4 and above.

For more information about the field alias configuration change, refer to the Splunk Enterprise Release Notes.

New features

Version 7.3.0 of the Splunk Add-on for ServiceNow includes the following new features:

  • Added support for ServiceNow San Diego.
  • Updated the default value of the Source and Source instance column for the ServiceNow Event Integration.
    • Before the Source column used Splunk-<hostname_of_splunk_machine> as a value and the Source instance column used Splunk as a value.
    • Now the Source column uses Splunk-TA as a value and the Source instance column uses Splunk-<hostname_of_splunk_machine> as a value.

Version 6.3.0 and above of the Splunk Add-on for ServiceNow deprecates support for events fetched through the display_value = false (extractions and Common Information Model (CIM) mappings) setting. The best practice is to set display_value to all in your deployment going forward and to revert the extractions in your props.conf accordingly. For more information, see the Edit the display values for the ServiceNow API section of the Upgrade topic in this manual.

From the ServiceNow add-on release 7.2.1 onward, we have removed the support of HTTP_NO_TUNNEL and SOCKS4 proxy. We recommend using an HTTP or SOCKS5 proxy instead.

Fixed issues

Version 7.3.0 of the Splunk Add-on for ServiceNow has the following, if any, fixed issues. If no issues appear below, no issues have yet been reported:


Known issues

Version 7.3.0 of the Splunk Add-on for ServiceNow has the following known issues. If no issues appear below, no issues have yet been reported:


Date filed Issue number Description
2021-03-06 ADDON-34668 ITSI ServiceNow TA passing timestamp in wrong format

Workaround:
1. From the ServiceNow interface, select Transform Maps under the System Import Sets -> Administration section and search for "Splunk Incident Transformation" under the Name column.

2. Click on the Splunk Incident Transformation transform map then scroll down under "Field Maps" till you find "sys_created_on" under the "Source Field" column.
3. Click on the "sys_created_on" row.
4. Change the Date format field from "yyyy-MM-dd hh:mm:ss" to "yyyy-MM-dd HH:mm:ss" and click Update at the top right corner.
5. Again click on Update to update the "Splunk Incident Transformation" transform map.

2019-09-10 ADDON-23239 Getting ERROR exception logs in splunkd.log for Inputs Page

Third-party software attributions

Some of the components included in this add-on are licensed under free or open source licenses. We wish to thank the contributors to those projects.

A complete listing of third-party software information for this add-on is available as a PDF file for download:
Splunk Add-on for ServiceNow third-party software credits.

Last modified on 12 May, 2022
PREVIOUS
Source types for the Splunk Add-on for ServiceNow
  NEXT
Release history for the Splunk Add-on for ServiceNow

This documentation applies to the following versions of Splunk® Supported Add-ons: released, released


Was this documentation topic helpful?


You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters