ServiceNow Splunk Integration

ServiceNow integration with Splunk: ServiceNow is a platform that provides ITSM (IT Service Management) as a cloud-based solution. A ServiceNow developer instance is used to demonstrate this integration.

Follow the steps below to integrate ServiceNow with Splunk

Step 1:

Download and install the Splunk Add-on for ServiceNow.

Go to https://splunkbase.splunk.com/app/1928/ and use your Splunk credentials to download the add-on.

Then go to Manage Apps on the Splunk instance and select the option to install an app from a file.

Restart Splunk to complete the installation.

After that, the add-on appears in the Apps area of Splunk.


Step 2: Configure Add-on

Click on the add-on to open its interface.

Choose Configuration.

Then click the Add button on the right-hand side.

A pop-up form appears with the following fields.

Account Name: A suitable name for the connection.

URL: The URL of the ServiceNow instance.

Username: The username used to access the ServiceNow instance.

Password: The password for that username.

After that, click Update.


Step 3: Set proxy configuration if applicable


Step 4: Optionally, to change the logging level for the add-on, choose the Logging option and set it as needed. By default, it is set to INFORMATION.


Step 5: Choose the Inputs option

Click Create New Input.

Input name: A suitable name for the input.

Account: The ServiceNow account (the account created earlier).

Collection interval: The rate at which the add-on connects to ServiceNow.

Table to collect data from: The ServiceNow database table from which you want to bring data into Splunk.

The incident table is used here as an example.

Excluded properties (optional): The properties you don’t need to fetch from the database table.

Time field of the table: The name of the time column in the database table; defaults to sys_updated_on.

Begin date: The timestamp from which to start fetching entries from the ServiceNow database table. This needs to be in the format ‘YYYY-MM-DD hh:mm:ss’ and in UTC, and defaults to 1 year ago.

ID field: The primary key for the table.

Filter parameters (optional): Particular key-value pairs, in comma-separated format, that you want to index in Splunk.

Index: The index where you want to store this data.
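A pre-flight check for the Step 5 values, added here as an example (it is not part of the original article or of the add-on's code): it validates the begin date and filter parameters, then builds a ServiceNow Table API URL that reads a single row, which can be requested with the integration account to confirm it can read the chosen table. Assumptions: filter pairs are written as `key=value`, one year is taken as 365 days, `dev00000.service-now.com` is a placeholder host, and the function names are hypothetical.

```python
from datetime import datetime, timedelta, timezone
from urllib.parse import urlencode, urlsplit

TIME_FORMAT = "%Y-%m-%d %H:%M:%S"  # the 'YYYY-MM-DD hh:mm:ss' format from Step 5


def parse_begin_date(value, now=None):
    """Return the begin date as an aware UTC datetime; empty means one year ago."""
    now = now or datetime.now(timezone.utc)
    if not value:
        return now - timedelta(days=365)  # assumption: one year taken as 365 days
    # strptime raises ValueError when the value does not match TIME_FORMAT
    parsed = datetime.strptime(value.strip(), TIME_FORMAT).replace(tzinfo=timezone.utc)
    if parsed > now:
        raise ValueError("begin date is in the future")
    return parsed


def parse_filters(value):
    """Split 'key=value,key=value' (assumed pair syntax) into a list of pairs."""
    pairs = []
    for item in filter(None, (p.strip() for p in (value or "").split(","))):
        key, sep, val = item.partition("=")
        if not sep or not key.strip() or not val.strip():
            raise ValueError(f"bad filter parameter: {item!r}")
        pairs.append((key.strip(), val.strip()))
    return pairs


def build_check_url(instance_url, table, begin_date=None,
                    time_field="sys_updated_on", filters="", now=None):
    """Build a Table API URL that reads one row using the input's settings."""
    parts = urlsplit(instance_url)
    if parts.scheme != "https" or not parts.netloc:
        raise ValueError("instance URL must be https://<host>")
    for name in (table, time_field):
        if not name.replace("_", "").isalnum():
            raise ValueError(f"unexpected characters in {name!r}")
    since = parse_begin_date(begin_date, now).strftime(TIME_FORMAT)
    terms = [f"{time_field}>={since}"] + [f"{k}={v}" for k, v in parse_filters(filters)]
    terms.append(f"ORDERBY{time_field}")  # oldest matching row first
    query = urlencode({"sysparm_query": "^".join(terms), "sysparm_limit": 1})
    return f"https://{parts.netloc}/api/now/table/{table}?{query}"


if __name__ == "__main__":
    # Constructed sample values; the host below is a placeholder instance.
    print(build_check_url("https://dev00000.service-now.com", "incident",
                          "2024-01-01 00:00:00", filters="active=true,priority=1"))
```

The script only builds the URL and sends nothing; request it with the same account configured in Step 2, so that a 401 or 403 response points to a credential or role problem before any input is created.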


Step 6: Create an Instance in ServiceNow


Step 7: Query the index to confirm the integration

With the steps above, you will be able to integrate ServiceNow with Splunk.

Terry White
