Service Now Integration with Splunk: ServiceNow is a stage that provides ITSM (IT Service Management) as a cloud-based solution. ServiceNow Dev Instance will be used to display this integration.
Follow Below Step to Service Now Splunk Integration
You need to download & Install Splunk Add-on meant for ServiceNow.
Move to https://splunkbase.splunk.com/app/1928/ & use Splunk Credentials to download an add-on.
After that move to manage applications on Splunk Instance one needs to install the add-on & select the selection to install an application from a file.
Start again Splunk for installation to be completed.
After that, you will find an add-on installed at the Apps area of Splunk
Step 2: Configure Add-on
To do this, you need to click on an add-on to have its’s interface.
Then click on Add button on the right-hand side.
Here you’ll have a pop-up form displayed in the image below.
Account Name: provide the best account name for the connection.
URL: It’s the URL of a ServiceNow Instance.
Username: It’s the username to gain access to ServiceNow Instance.
Password: It’s for the username provided
After that click update
Step 3: Set proxy configuration if applicable
Step 4: If you need to vary the logging level for the add-on choose the Logging choice & set it as needed though it’s optional. By default, it is available to INFORMATION.
Step 5: Choose the Inputs Choices
Click at Create-New Input
Input-name: You will offer the best name for the input.
Account: Choose ServiceNow account (account created earlier)
Collection interval: You need to set the rate at which the add-on connects with ServiceNow.
Table to collect data from: Choose ServiceNow database-table from the place you need to bring data to Splunk.
Remember that we’ve taken the incident table here to show as an example.
Excluded properties though it’s optional: State the properties one doesn’t need to fetch from a database table.
Time-field of a table: Mention time-column name in one’s database table, auto to sys_updated_on.
Begin date: State explicitly timestamps from the time one needs to fetch entries from a ServiceNow DB-table. This needs to be in ‘YYYY-MM-DD hh:mm: ss’. This needs to be in UTC format, and defaults to 1yr ago.
ID field: Choose the Primary-key for a table.
Filter Parameters though optional: Mention a particular key-value pair with a comma-separated format which you need to index Splunk.
Index: Choose the index the place you need to store this information.
Step 6: Form an Instance in ServiceNow
Step 7: Query Index to confirm the Integration
With the steps above, you will be able to integrate ServiceNow with Splunk.