"Splunk ES Integration for Security Operations" - Alert rules are not getting imported
‎04-17-2025 06:59 AM
Hi All,
We are trying to integrate Splunk with ServiceNow using the Splunk ES Integration for Security Operations plugin. Authentication is successful, but the alert rules are not getting imported into ServiceNow. We tried the troubleshooting steps below, yet we couldn't fetch any notable events from Splunk.
- Tried giving sn_sec_splunkes.api_account_access to the SN service account
- Verified if Splunk Service account has ess_analyst role
- Set glide.http.outbound.max_timeout.enabled to false
- Upgraded plugin to the latest update
It's throwing an error "Error Occured. Please check logs.". Does anyone know what is causing this issue? Please help. Attached screenshot for your reference.
Thanks in Advance!