ServiceNow : service now is a company that provides service management software as a service. Our goal here is to create a servicenow incident from Splunk. We can get this done using an installed from splunkbase or via the below mentioned method.

NOTE: Please make sure that service-now application is configured to receive email from splunk server. Might be the exchange server needs to have the configuration.

For creating SNOW incident we have to follow the below steps –

1. Let’s say you need to raise an incident from this alert.
    eg: index=_internal|stats count by host

2. In alert actions select option send email.

3. Then configure the email ID of service-now server in To address:
    eg: xxx@service-now.com

4. In mail body, you need to write an XML with required fields to be passed over to incident, lets take
    the following sample xml(modify it as per requirement) :

 

 

5. Then click on save.

servicenow incident page
 

Hopefully this helps you to create a service now incident directly from Splunk.


If you are still facing issue regarding create servicenow incident through splunk Feel free to Ask Doubts in the Comment Box Below and Don’t Forget to Follow us on 👍 Social Networks, happy Splunking >😉