Splunk to ServiceNow incident (ITSM) integration
01-03-2024 07:59 AM
Hello Team,
I need to integrate Splunk to ServiceNow incident (ITSM).
This integration should pull Splunk for certain alerts to generate ITSM Incidents.
This should handle automatically creating an ITSM Incident based on alerts firing in Splunk.
Please help me with the process and documentation.
Note: It's not a two-way integration, only a one-way Splunk to ServiceNow incident (ITSM) integration,
and it's not Security Incident Response (SIR); we have only the ITSM module.
Thanks
Ashok
- Labels: Integrations

01-03-2024 10:58 AM
Hey there,
The SecOps Forum is likely not the best spot for this post.
That said, check out the Splunk-built/supported TAs (technology add-ons) for ServiceNow.
It essentially uses a "push model" for a triggered alert in Splunk to perform an action in ServiceNow (e.g. create an ITSM Incident).
It may not be the only way to do this, or the best way that fits your use case; just sharing it as somewhere to start.
For example, maybe it'd be more advantageous to tie into ServiceNow Event Management and use Alert Rules to trigger ITSM Incidents (vs. directly creating an ITSM Incident for a given triggered alert in Splunk).