- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎09-04-2019 09:33 AM
when i search for splunk integration plugin in servicenow develper instance,it is not present there.
I want to test splunk servicenow integration for incident creation.
I have developer instance from service now,any one please help how can i install it.
https://store.servicenow.com/sn_appstore_store.do#!/store/application/bac6db564f6a3100a0fc7d2ca310c721/1.1.7?referer=sn_appstore_store.do%23!%2Fstore%2Fsearch%3Fq%3Dsplunk
Solved! Go to Solution.
- Labels:
-
Security Incident Response

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎09-10-2019 06:44 AM
Naggi,
Last I checked, you could NOT install a Store item on a free Developer instance.
Please mark this as helpful or correct.

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎09-11-2019 11:59 AM
Hey there,
Are you looking to Integrate Splunk, with ServiceNow Security Operations (i.e. Create Security Incidents from Splunk Alerts)?
If this is the case, you should look at the Application called `Splunk Enterprise Event Ingestion for Security Operations`, which was developed by ServiceNow.
The App you are looking at, is not developed by ServiceNow and is not used to integrate Splunk with ServiceNow SecOps. This is a third-party developed app, used to integrate Splunk with ServiceNOW "ITSM", to create Incident tickets and not SecOps records.
The folks on this thread are correct, ServiceNow has moved to using Store Apps and starting in Madrid -> when you are working with a Production Instance, you must request applications from the Store.
On a personal developer instance, when you navigate to:
- All Available Applications -> All
- Search for "splunk"
- Do you see `Splunk Enterprise Event Ingestion for Security Operations` returned in the results?
For ServiceNow developed Apps, such as `Splunk Enterprise Event Ingestion for Security Operations` - you can still install this onto your PDI.
For third-party developed Apps, I believe you cannot install these onto your PDI. These must be requested through the SN Store, using HI Credentials.
<========================================>
If your use-case is to integrate Splunk with ServiceNow SecOps, here are some additional details:
Specifically for the ServiceNow developed `Splunk Enterprise Event Ingestion for Security Operations` App - you can install this onto your PDI.
If you are going to connect an on-premise Splunk Enterprise installation to your ServiceNow Personal Developer Instance, you will need to use a ServiceNow MID Server. If you are connecting to a Splunk Cloud installation, you do not need a MID Server...
Reference: Turning on Splunk Enterprise Event Ingestion for Security Operations
*Performed on a Personal Dev Instance