Integration with Splunk

Rakshanda Kunte
Tera Contributor

‎10-10-2024 06:29 AM

Hi All,

 

Users in the Splunk team have a table in ServiceNow that shows Splunk indexes and their ownership.

 

This table is static and has to be manually updated when splunk team create new indexes.
they would like it to be dynamically updated from Splunk, most feasible solution is via REST API.

 

Can anyone please guide steps how to achieve this?

 

 

 

Thanks.

 

 

 

0 Helpfuls
  • 714 Views
7 REPLIES 7

Rakshanda Kunte
Tera Contributor
In response to Eshwar Reddy

‎10-14-2024 02:28 AM

@Eshwar Reddy ,

 

Here, the table already exists in servicenow.

 

So, I guess we should use table api. 

I am implementing this first time. Kindly, suggest.

 

 

 

Thanks.

0 Helpfuls

Eshwar Reddy
Kilo Sage
In response to Rakshanda Kunte

‎10-14-2024 02:55 AM - edited ‎10-14-2024 02:56 AM

@Rakshanda Kunte 

Its not good practice to use Table API -->The Table API allows direct access to create, update, and delete records, which can lead to unauthorized data manipulation if not properly controlled.

I would suggest Import Set API(low code) or Scripted Rest API
 

0 Helpfuls

Omkar Mone
Mega Sage

‎10-14-2024 02:38 AM

Hello Rakshanda,

You can create a Scripted REST API in ServiceNow and share the details with the Splunk team. The Splunk team will need to configure this API in their environment to send data to ServiceNow.

Once Splunk calls the API, you'll need to write a script to process the incoming data and transfer it to the appropriate table in ServiceNow.

 

For guidance on creating a Scripted REST API, please refer to this documentation:
ServiceNow Scripted REST API Documentation.

 

Feel free to reach out if you need assistance with scripting once the data arrives in ServiceNow.

 

Note: Ensure that Splunk can connect to ServiceNow. If there are connection issues, you may need your Infrastructure team to whitelist the ServiceNow URL.

 

Let me know if you have any questions!

0 Helpfuls