Splunk® App for ServiceNow

User Guide

Push integration with the Splunk App for ServiceNow

The Splunk App for ServiceNow includes support for push integration from the Splunk platform to ServiceNow.

Note: In order to perform push integration, you must be signed in to the Splunk platform as a Splunk administrator or a user with the appropriate capability:

  • list_storage_passwords if you are using Splunk platform 6.5.0 or later
  • admin_all_objects if you are using an earlier version of the Splunk platform

You can perform push integration using four different methods. All these commands, alert actions, and scripts are provided through the Splunk Add-on for ServiceNow and are documented there. See About the commands, alert actions, and scripts for the Splunk Add-on for ServiceNow in the Splunk Add-on for ServiceNow manual, part of the Supported Add-ons documentation.

| Method | Name | Usage |
|---|---|---|
| Custom search command | snowincident | Use the custom search command snowincident to create and update single ServiceNow incidents from the Splunk search interface. |
| Custom search command | snowevent | Use the custom search command snowevent to create single ServiceNow events from the Splunk search interface. |
| Custom alert action | ServiceNow Incident Integration | Use the ServiceNow Incident Integration alert action to create and update single or multiple ServiceNow incidents from a search saved as an alert. |
| Custom alert action | ServiceNow Event Integration | Use the ServiceNow Event Integration alert action to create single or multiple ServiceNow events from a search saved as an alert. |
| Custom streaming command | snowincidentstream | Use the custom streaming command snowincidentstream to create and update single or multiple ServiceNow incidents from saved searches or the Splunk search interface. |
| Custom streaming command | snoweventstream | Use the custom streaming command snoweventstream to create single or multiple ServiceNow events from saved searches or the Splunk search interface. |
| Alert-triggered script | snow_incident.py | Use snow_incident.py to create and update single or multiple ServiceNow incidents from Splunk alerts using an alert-triggered script. |
| Alert-triggered script | snow_event.py | Use snow_event.py to create single or multiple ServiceNow events from Splunk alerts using an alert-triggered script. |

This documentation applies to the following versions of Splunk® App for ServiceNow: 4.0.0, 4.0.1, 4.0.2, 4.0.3
