Options for Splunk integration with ServiceNow

‎07-18-2022 02:48 AM
Hi -
I am trying to figure out what the best options are when it comes to integrating Splunk with ServiceNow, including for customers that might not (yet) have the SIR module.
Could you challenge me on the following options and maybe recommend which ServiceNow Store Splunk integration apps could fit the scenarios (if any; hopefully it does not need any custom integrations):
- Integrate Splunk at the ServiceNow incident level (regular incident, not security incident)
- Integrate Splunk at the ServiceNow event level, let the event rules and alert rules do their thing, and use the Service Operations Workspace to handle the issue
Again, one needs to assume the customer does not have ServiceNow SIR, but does have Splunk already deployed.
Thanks in advance for your help.
Labels: Security Incident Response
‎07-18-2022 02:52 AM
You can use ServiceNow Health Log Analytics, where you can configure a Splunk connector. It goes along with Event Management. This is what you need:
https://docs.servicenow.com/en-US/bundle/sandiego-it-operations-management/page/product/health-log-analytics-admin/concept/hla-understanding.html
‎08-02-2022 06:03 AM
Jacques, I think a connector might be useful here. No idea if it fits in your integration plans. The one we use allows defining the type of data we want to forward between the two systems, like the incidents from your use case. The entire integration happens really quickly and does not require additional code.