Source types for the Splunk Add-on for ServiceNow¶
The Splunk Add-on for ServiceNow provides the index-time and search-time
knowledge for any database table exposed by ServiceNow REST APIs. When
the add-on collects a ServiceNow database table, the add-on assigns a
source type for the events, using the schema snow:database_table_name.
The inputs.conf provides the following preconfigured inputs, which are
disabled by default. Enable these data inputs in Splunk Web, or manually
edit local/inputs.conf by adding disabled=false for each input. For more information, see
Configure inputs for the Splunk Add-on forServiceNow.
Click the links in the CIM data model column to navigate to the Common information model add-on documentation.
For more information about the ServiceNow database tables, search for “Tables and Classes” in the ServiceNow product documentation.
The search-time source type renaming is for backwards compatibility with data ingested by older versions of the Splunk Add-on for ServiceNow.
| Database table name | Source type | Search-time renaming | CIM data models |
|---|---|---|---|
change_request |
snow:change_request |
None | Ticket Management |
change_task |
snow:change_task |
None | Ticket Management |
cmdb |
snow:cmdb |
None | N/A |
cmdb_ci_app_server |
snow:cmdb_ci_app_server |
None | N/A |
cmdb_ci_db_instance |
snow:cmdb_ci_db_instance |
None | N/A |
cmdb_ci_infra_service |
snow:cmdb_ci_infra_service |
None | N/A |
cmdb_ci |
snow:cmdb_ci |
snow:cmdb_ci_list |
N/A |
cmdb_ci_server |
snow:cmdb_ci_server |
None | N/A |
cmdb_ci_service |
snow:cmdb_ci_service |
None | N/A |
cmdb_ci_vm |
snow:cmdb_ci_vm |
None | N/A |
cmdb_rel_ci |
snow:cmdb_rel_ci |
None | N/A |
cmn_location |
snow:cmn_location |
snow:cmn_location_list |
N/A |
em_event |
snow:em_event |
None | N/A |
incident |
snow:incident |
None | Ticket Management |
problem |
snow:problem |
None | Ticket Management |
sys_audit |
snow:sys_audit |
None | N/A |
sys_audit_delete |
snow:sys_audit_delete |
None | N/A |
sys_choice |
snow:sys_choice |
snow:sys_choice_list |
N/A |
sys_user_group |
snow:sys_user_group |
snow:sys_user_group_list |
N/A |
sys_user |
snow:sys_user |
snow:sys_user_list |
N/A |
sysevent |
snow:sysevent |
None | N/A |
syslog_transaction |
snow:syslog_transaction |
None | N/A |
Deprecated tables¶
The following sourcetype is deprecated:
| Deprecated tables | Source type | |
|---|---|---|
syslog |
snow:syslog |
Supported for backwards compatibility only. For best performance, disable data collection from this deprecated table and collect from sysevent instead. |