Use workflow actions for the Splunk Add-on for ServiceNow
The Splunk Add-on for ServiceNow includes workflow actions that allow you to access incidents, events, change records, alerts, and knowledge base articles in ServiceNow directly from your Splunk search results.
| Workflow action | Scope | Usage |
|---|---|---|
| Open ServiceNow Alert | Any event returned by a Splunk search that has sourcetype=snow:em_event and contains the field alert with any non-null value.
|
The workflow action opens the alert in ServiceNow in a new tab in your browser. |
| Open ServiceNow Change Record | Any event returned by a Splunk search that has sourcetype=snow:change_request.
|
The workflow action opens the change request in ServiceNow in a new tab in your browser. |
| Open ServiceNow Event | Any event returned by a Splunk search that has sourcetype=snow:em_event.
|
The workflow action opens the event in ServiceNow in a new tab in your browser. |
| Open ServiceNow Incident | Any event returned by a Splunk search that has sourcetype=snow:incident.
|
The workflow action opens the incident in ServiceNow in a new tab in your browser. |
| Open ServiceNow Knowledge | Any event returned by a Splunk search that has any ServiceNow source type (sourcetype=snow*) and contains the field error.
|
The workflow action opens a new tab in your browser to run a search in your ServiceNow Knowledge Base for the text of the error in your selected event. |
Last modified on 06 September, 2024
| Use custom streaming commands for the Splunk Add-on for ServiceNow | Lookups for the Splunk Add-on for ServiceNow |
This documentation applies to the following versions of Splunk® Supported Add-ons: released, released
Download manual
Feedback submitted, thanks!