Splunk® App for ServiceNow

User Guide

Download manual as PDF

Download topic as PDF

Overview of the dashboards in the Splunk App for ServiceNow

The Splunk App for ServiceNow offers a variety of dashboards to give you insight into your ServiceNow data.

If you do not see data in a particular dashboard panel, check the source type of the panel for which data is missing. For example, if your Open Incidents panel on the Overview dashboard shows a green zero, but you know you have open incidents in your ServiceNow instance, search sourcetype=snow:incident to check that data is coming in to your Splunk platform from that source type. If you do not see events, troubleshoot that input with a Splunk administrator.

Dashboard Description Panels Source Type
Overview Gives an overview of your ServiceNow instance. From here, drill into more detailed dashboards by clicking on any of the four KPIs on the top row. Open Incidents snow:incident
Unprocessed Critical Events snow:em_event
Approved Change Requests snow:change_request
Rejected Change Requests snow:change_request
Incident Performance snow:incident
Events by Node snow:em_event
Change Request by Status and Priority snow:change_request
Change Request Tickets snow:change_request
Incident Performance Describes your team's incident handling performance and gives insight into what kinds of problems arise most frequently. Incident Count by State snow:incident
Average Incident Closure Time in Hours snow:incident
Average Incident Closure Time by Assignment Group snow:incident
Open Incidents by Assignment Group snow:incident
Open Incidents by Assignment Group over Time snow:incident
Incident Inspector Allows you to look up ServiceNow incidents by combining different search criteria. This dashboard depends on saved searches. See Note below. Incident Table snow:incident
Auto-Created Incidents Summarizes incidents which have been automatically created from the Splunk platform via commands, alert actions, or alert-triggered scripts. Total ServiceNow Incidents Created by Splunk snow:incident
Total ServiceNow Events Created by Splunk snow:em_events
Incident State - Last 24h snow:incident
Incident Table snow:incident
Open Incidents by Geography Summarizes your open ServiceNow incidents by location. Current Average Incident Resolution Time in Hours snow:incident
Open Incident Count snow:incident
Incident Resolution SLA snow:incident
Incident Count by Location snow:incident
Incident Count over Location by Priority snow:incident
Change Performance Provides an overview of the change requests in your ServiceNow instance. Total Change Requests snow:change_request
Rejected Requests snow:change_request
Approved Requests snow:change_request
Change Approval Time snow:change_request
Change Approval Time by Reporter snow:change_request
Change Requests by Priority snow:change_request
Change Requests by State snow:change_request
Change Tasks Provides an overview of the current state of your ServiceNow change tasks and helps you to analyze your change tasks over time and state. Number of Change Tasks snow:change_task
Number of Open Change Tasks snow:change_task
Number of Closed Change Tasks snow:change_task
Change Tasks over Time snow:change_task
Change Tasks by State snow:change_task
Events Provides an activity overview across all nodes in your ServiceNow environment and helps you analyze which nodes generate the most events. Events by Resource snow:em_events
Events by Type snow:em_events
Events by Severity snow:em_events
Events by Node snow:em_events
ServiceNow Events snow:em_events
CMDB Allows you to look up change request and other tickets by combining different search criteria. This dashboard depends on saved searches. See Note below. Change Ticket Lookup snow:change_request
Incident Ticket Lookup snow:incident

Note: The Incidents Inspector and CMDB dashboards are also supported and enhanced by a set of saved searches, supplied by the Splunk Add-on for ServiceNow. To view these searches, open Settings > Searches, reports and alerts and set the context to Splunk Add-on for ServiceNow. Make sure all the searches are enabled and have a valid scheduled time. The saved searches run on the hour by default, so you may need to wait until the next time the search runs. If you do not want to wait, run each of the searches from this screen. When the jobs complete, the data from the searches populates on your dashboard panels.

Push integration with the Splunk App for ServiceNow

This documentation applies to the following versions of Splunk® App for ServiceNow: 4.0.0, 4.0.1, 4.0.2, 4.0.3

Was this documentation topic helpful?

Enter your email address, and someone from the documentation team will respond to you:

Please provide your comments here. Ask a question or make a suggestion.

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters