Splunk® App for ServiceNow

Installation and Configuration Manual

Create custom inputs for the Splunk App for ServiceNow

The Splunk App for ServiceNow includes twenty pre-configured inputs based on some of the most useful database tables in ServiceNow. You can also add your own custom inputs based on any other database table in ServiceNow.

Note: Ensure that the ServiceNow account that you are using for connectivity with your Splunk platform has, at minimum, read-only access to the database table from which you want to collect data.

To add a new ServiceNow table for data collection:

1. In the app, go to Configure > Data inputs.

2. Click Add Input to open the Add ServiceNow Data Input screen.

3. Fill in the fields, following these guidelines.

| Field name | Description |
| --- | --- |
| Database table name | The exact database table name in ServiceNow. Must be set correctly or the input will not work. |
| Collection interval | How long the Splunk platform waits before collecting data from the table again, in seconds. This value overrides the default configuration you may have provided when you set up the app. |
| Excluded properties | Excluded properties of the database table, in a comma-separated list. |
| Time field of the table | The time field to use for checkpoint creation. The app creates checkpoints internally using this field each time that it calls the REST API to get data. With each new API call, the data collection picks up from the last timestamp where it left off. The default is sys_updated_on. |
| Date started from | Date the Splunk platform starts collecting data from the database table, UTC in "YYYY-MM-DD hh:mm:ss" format. The default is one year ago. This configuration overrides the default configuration you may have provided when you set up the app. |

4. Click Add.

5. To validate that the app is successfully collecting data from your new input, go to your Search screen and search for sourcetype=snow:<database_table_name>, inserting the exact database table name that you used to define your input.
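The checkpoint behaviour described for the time field, as an added illustration (not the app's own code): a Python simulation over constructed rows that resumes from the last sys_updated_on value, drops excluded properties, and parses the "YYYY-MM-DD hh:mm:ss" UTC start date. The function names, the sample rows, the per-run `limit`, and the choice to re-read the checkpoint timestamp and de-duplicate by sys_id are assumptions made for the example.

```python
from datetime import datetime, timezone

TIME_FMT = "%Y-%m-%d %H:%M:%S"  # the page's "YYYY-MM-DD hh:mm:ss", read as UTC

# Constructed sample rows standing in for a ServiceNow table (not real data).
TABLE = [
    {"sys_id": "a1", "sys_updated_on": "2024-01-01 10:00:00", "state": "new", "secret": "x"},
    {"sys_id": "b2", "sys_updated_on": "2024-01-01 10:05:00", "state": "open", "secret": "y"},
    {"sys_id": "c3", "sys_updated_on": "2024-01-01 10:05:00", "state": "open", "secret": "z"},
    {"sys_id": "d4", "sys_updated_on": "2024-01-01 10:09:00", "state": "closed", "secret": "w"},
]

def parse_utc(value):
    """Parse a start date or time-field value; raises ValueError if malformed."""
    return datetime.strptime(value, TIME_FMT).replace(tzinfo=timezone.utc)

def collect(table, checkpoint, time_field="sys_updated_on", excluded=(), limit=2):
    """One collection run; returns (events, new_checkpoint).

    checkpoint = {"ts": str, "seen": set of sys_id already collected at ts}.
    Rows at exactly the checkpoint timestamp are re-read and de-duplicated, so
    rows sharing a timestamp across a run boundary are neither lost (as with a
    strict "greater than") nor indexed twice.
    """
    start = parse_utc(checkpoint["ts"])
    def is_new(row):
        ts = parse_utc(row[time_field])
        return ts > start or (ts == start and row["sys_id"] not in checkpoint["seen"])
    rows = sorted(filter(is_new, table), key=lambda r: (r[time_field], r["sys_id"]))[:limit]
    if not rows:
        return [], checkpoint
    last_ts = rows[-1][time_field]
    seen = {r["sys_id"] for r in rows if r[time_field] == last_ts}
    if last_ts == checkpoint["ts"]:
        seen |= checkpoint["seen"]  # still on the same timestamp: keep earlier ids
    events = [{k: v for k, v in r.items() if k not in excluded} for r in rows]
    return events, {"ts": last_ts, "seen": seen}

def collect_all(table, start_date, **kwargs):
    """Repeat collection runs from start_date until no new rows remain."""
    checkpoint, out = {"ts": start_date, "seen": set()}, []
    while True:
        events, checkpoint = collect(table, checkpoint, **kwargs)
        if not events:
            return out, checkpoint
        out.extend(events)
```

With `limit=2`, rows `b2` and `c3` share a timestamp that straddles two runs; a collector that resumed strictly after the checkpoint would never index `c3`.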

This documentation applies to the following versions of Splunk® App for ServiceNow: 4.0.0, 4.0.1, 4.0.2, 4.0.3