Integration Zabbix and Splunk
‎07-28-2025 05:19 AM
When monitoring server equipment using ServiceNow, I believe Zabbix and Splunk are used as sources for monitoring information. Could you please briefly explain whether these can be integrated with Event Management and how each can be integrated?
As far as I recall, Zabbix had a built-in mechanism for integration, but Splunk's integration seemed to be more focused on log data integration, which is slightly different from event integration. Could you also explain the differences between these two approaches?
‎07-28-2025 08:05 AM
Hi @SotaT ,
As per my understanding, this might help you.
1) Integration with Zabbix:
* Built-in mechanism: Zabbix can natively send events/alerts to ServiceNow using webhooks, API calls, or via the ServiceNow MID Server.
* How:
  * Zabbix → configure an Action to call a ServiceNow REST API endpoint (for example, create an Event record or Incident).
  * You can use the Zabbix Webhook Media Type template for ServiceNow available on Zabbix share or GitHub.
  * These events enter ServiceNow via the EM connector (via MID Server or direct API) and are processed through Event Rules → Alerts → Incidents.
* Focus: Directly sends monitoring alerts (CPU high, Disk full, etc.) as structured events.

2) Integration with Splunk:
* Splunk is typically used for log analytics and searches, but you can also send alert results (from saved searches) into ServiceNow EM.
* How:
  * Use the Splunk Add-on for ServiceNow or custom scripts to call ServiceNow REST APIs.
  * Configure Splunk alert actions to trigger when conditions are met (e.g., a specific log pattern).
  * Events can be sent to ServiceNow via the MID Server or direct API, just like with Zabbix.
* Focus: Splunk alerts usually originate from log pattern matches or search results, not directly from real-time infrastructure monitoring.
Key Differences:

| Aspect | Zabbix | Splunk |
|---|---|---|
| Typical data source | Infrastructure metrics and SNMP traps | Log data, security events, application logs |
| Use case focus | Monitoring real-time health and performance | Log analysis, anomaly detection, security investigations |
| Event integration | Native webhook to ServiceNow; structured alerts | Needs Splunk alert action/add-on to push events to SNOW |
Please appreciate the efforts of community contributors by marking the appropriate response with Mark my Answer Helpful or Accept Solution. This may help other community users follow the correct solution in the future.
Thank You
AJ - TechTrek with AJ - ITOM Trainer
LinkedIn:- https://www.linkedin.com/in/ajay-kumar-66a91385/
YouTube:- https://www.youtube.com/@learnitomwithaj
Topmate:- https://topmate.io/aj_techtrekwithaj (Connect for 1-1 Session)
ServiceNow Community MVP 2025
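
An added example, not part of the answer above or of either product's own code: it normalizes a Zabbix webhook alert and a Splunk alert-action payload into the same ServiceNow Event Management record, which makes the metric-alert versus log-match difference concrete. The Zabbix parameter names, the severity mapping and the sample alerts are assumptions; the body targets the Event Management inbound endpoint `/api/global/em/jsonv2`, and nothing is sent over the network.

```python
import json

# Assumed mapping: Zabbix trigger severity (0-5) -> ServiceNow event severity
# (1 Critical, 2 Major, 3 Minor, 4 Warning, 5 Info; 0 means Clear).
ZABBIX_TO_SNOW = {5: 1, 4: 2, 3: 3, 2: 4, 1: 5, 0: 5}

def from_zabbix(p):
    """p: webhook parameters filled from Zabbix macros (key names are assumptions)."""
    recovered = str(p["event_value"]) == "0"  # {EVENT.VALUE}: 1 problem, 0 resolved
    return {
        "source": "Zabbix",
        "node": p["host"],
        "type": "Infrastructure metric",
        "resource": p["item"],
        "metric_name": p["trigger_name"],
        "severity": "0" if recovered else str(ZABBIX_TO_SNOW[int(p["nseverity"])]),
        "description": p["trigger_name"],
        # Same key for problem and recovery, so the recovery clears the same alert.
        "message_key": f"zabbix:{p['host']}:{p['trigger_id']}",
        "additional_info": json.dumps({"zabbix_event_id": p["event_id"]}),
    }

def from_splunk(p, severity=3):
    """p: Splunk webhook alert-action body; severity is chosen per saved search (assumption)."""
    r = p["result"]
    return {
        "source": "Splunk",
        "node": r.get("host", "unknown"),
        "type": "Log search match",
        "resource": r.get("sourcetype", ""),
        "metric_name": p["search_name"],
        "severity": str(severity),
        "description": r.get("_raw", p["search_name"]),
        "message_key": f"splunk:{p['search_name']}:{r.get('host', 'unknown')}",
        "additional_info": json.dumps({"sid": p["sid"], "results_link": p["results_link"]}),
    }

def em_body(*events):
    """JSON body for POST /api/global/em/jsonv2 on the ServiceNow instance."""
    return json.dumps({"records": list(events)})

# Constructed sample alerts (not real data)
ZBX_PROBLEM = {"host": "db01", "item": "vfs.fs.size[/,pused]", "trigger_name": "Disk full on /",
               "trigger_id": "13572", "event_id": "884201", "nseverity": "4", "event_value": "1"}
ZBX_RECOVERY = dict(ZBX_PROBLEM, event_value="0")
SPLUNK_ALERT = {"search_name": "Failed SSH logins", "sid": "scheduler__constructed_1",
                "results_link": "https://splunk.example.invalid/results",
                "result": {"host": "web01", "sourcetype": "linux_secure",
                           "_raw": "Failed password for invalid user admin"}}
```

Post the body over HTTPS with a dedicated integration account that holds only the `evt_mgmt_integration` role, so a leaked Zabbix or Splunk credential can create events but cannot read or change other records.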