splunk integration

El Cuchi · ‎03-16-2025

hi All,

i hope this email finds you well.

we have a team trying to integrate snow-splunk. we installed the add-on for splunk and cerated an oAUTH2 credentials.

In the splunk side they created the connections and tested the creation of an event in splunk to trigger the integration.

The issue is that on top of the oauth credentials, it asks for the credentials of the person creating the event. So it defeats the purpose of having oauth. image attached.

would you know how to bypass this credential request?

regards.

Vishal Jaswal · ‎03-17-2025

Hello @El Cuchi

It is most probably the created_by field value which ServiceNow wants to populate with a Service account or user in it’s sys_user table.

So, you need to Create a dedicated integration user which should bypass SSO (if enabled) in ServiceNow with appropriate roles (e.g., `itil`, `oauth_user`, `oauth_admin`, etc.) and use this account exclusively for OAuth2 authentication like not to share with others or other apps for their integration with same ServiceNow instance.

Ensure this user has full API access and permissions to create events (if custom table) without requiring manual intervention.

Hope that helps!

Hope that helps!