Release history for the Splunk Add-on for ServiceNow¶

The latest release of the Splunk Add-on for ServiceNow is version 8.0.0. See the release notes topic for more information.

Version 7.10.0¶

Version 7.10.0 of the Splunk Add-on for ServiceNow was released on November 24, 2024.

Compatibility¶

Version 7.10.0 of the Splunk Add-on for ServiceNow is compatible with the following software, CIM versions, and platforms:


Splunk platform versions	9.0.x, 9.1.x, 9.2.x, 9.3.x
CIM	5.1.0
Supported OS for data collection	Platform Independent
Vendor products	ServiceNow Quebec, Rome, San Diego, Tokyo, Utah, Vancouver, Washington DC, and Xanadu

Splunk has reviewed and updated the field aliases in this add-on for compatibility with the new field alias behavior change available from Splunk v7.3.4 and above.

For more information about the field alias configuration change, refer to the Splunk Enterprise Release Notes.

New features¶

Version 7.10.0 of the Splunk Add-on for ServiceNow includes the following new features:

Performance enhancement to reduce time taken to create or update incidents or events using the custom streaming commands snowincidentstream and snoweventstream.

Fixed issues¶

Version 7.10.0 of the Splunk Add-on for ServiceNow fixes the following issues:

Fixed the issue of incorrect hostname added to the Splunk_URL field in SNOW events created by custom commands on the Splunk Cloud Platform.

Known issues¶

Version 7.10.0 of the Splunk Add-on for ServiceNow contains the following known issues:

Third-party software attributions¶

Some of the components included in this add-on are licensed under free or open source licenses. We wish to thank the contributors to those projects.

Version 7.10.0 of the Splunk Add-on for ServiceNow incorporates the following third-party software.

Version 7.9.0¶

Version 7.9.0 of the Splunk Add-on for ServiceNow was released on October 7, 2024.

Compatibility¶

Version 7.9.0 of the Splunk Add-on for ServiceNow is compatible with the following software, CIM versions, and platforms:


Splunk platform versions	9.0.x, 9.1.x, 9.2.x,9.3.x
CIM	5.1.0
Supported OS for data collection	Platform Independent
Vendor products	ServiceNow Quebec, Rome, San Diego, Tokyo, Utah, Vancouver, Washington DC, and Xanadu

Splunk has reviewed and updated the field aliases in this add-on for compatibility with the new field alias behavior change available from Splunk v7.3.4 and above.

For more information about the field alias configuration change, refer to the Splunk Enterprise Release Notes.

New features¶

Version 7.9.0 of the Splunk Add-on for ServiceNow includes the following new features:

Added support for ServiceNow Xanadu
Upgraded the solnlib library to v5.3.0 to address KV store API call failures coming from the urllib3 request handler used for API calls.

Fixed issues¶

Version 7.9.0 of the Splunk Add-on for ServiceNow fixes the following issues:

Known issues¶

Version 7.9.0 of the Splunk Add-on for ServiceNow contains the following known issues:

Third-party software attributions¶

Some of the components included in this add-on are licensed under free or open source licenses. We wish to thank the contributors to those projects.

Version 7.9.0 of the Splunk Add-on for ServiceNow incorporates the following third-party software.

Version 7.8.0¶

Version 7.8.0 of the Splunk Add-on for ServiceNow was released on April 30, 2024.

Compatibility¶

Version 7.8.0 of the Splunk Add-on for ServiceNow is compatible with the following software, CIM versions, and platforms:


Splunk platform versions	9.0.x, 9.1.x, 9.2.x
CIM	5.1.0
Supported OS for data collection	Platform Independent
Vendor products	ServiceNow Quebec, Rome, San Diego, Tokyo, Utah, Vancouver, and Washington DC

Splunk has reviewed and updated the field aliases in this add-on for compatibility with the new field alias behavior change available from Splunk v7.3.4 and above.

For more information about the field alias configuration change, refer to the Splunk Enterprise Release Notes.

New features¶

Version 7.8.0 of the Splunk Add-on for ServiceNow includes the following new features:

Added support for ServiceNow Washington DC.
Added support for ipv6 addresses.
Added a unique invocation ID for every invocation in the logs for alert action and custom commands.
Enhanced data collection mechanism to ingest a record without a time field.
Improved data collection mechanism by using sys_id instead of offset for record updates during ongoing data collection. Please note that intermediate updates of a record can still be missed if there are multiple updates on a record between the input intervals. The latest state of the record will be fetched in the next invocation of the input according to its interval.

Version 6.3.0 and above of the Splunk Add-on for ServiceNow deprecates support for events fetched through the display_value = false (extractions and Common Information Model (CIM) mappings) setting. The best practice is to set display_value to all in your deployment going forward and to revert the extractions in your props.conf accordingly. For more information, see the Edit the display values for the ServiceNow API section of the Upgrade topic in this manual.

From the ServiceNow add-on release 7.2.1 onward, we have removed the support of HTTP_NO_TUNNEL and SOCKS4 proxy. We recommend using an HTTP or SOCKS5 proxy instead.

Fixed issues¶

Version 7.8.0 of the Splunk Add-on for ServiceNow fixes the following issues:

Known issues¶

Version 7.8.0 of the Splunk Add-on for ServiceNow contains the following known issues:

Third-party software attributions¶

Some of the components included in this add-on are licensed under free or open source licenses. We wish to thank the contributors to those projects.

Version 7.8.0 of the Splunk Add-on for ServiceNow incorporates the following third-party software.

Version 7.7.0¶

Version 7.7.0 of the Splunk Add-on for ServiceNow was released on December 8, 2023.

Compatibility¶

Version 7.7.0 of the Splunk Add-on for ServiceNow is compatible with the following software, CIM versions, and platforms:


Splunk platform versions	8.1.x, 8.2.x, 9.0.x, 9.1.x
CIM	5.1.0
Supported OS for data collection	Platform Independent
Vendor products	ServiceNow Quebec, Rome, San Diego, Tokyo, Utah, and Vancouver

Splunk has reviewed and updated the field aliases in this add-on for compatibility with the new field alias behavior change available from Splunk v7.3.4 and above.

For more information about the field alias configuration change, refer to the Splunk Enterprise Release Notes.

New features¶

Version 7.7.0 of the Splunk Add-on for ServiceNow includes the following new features:

Added support for ServiceNow Vancouver.

Version 6.3.0 and above of the Splunk Add-on for ServiceNow deprecates support for events fetched through the display_value = false (extractions and Common Information Model (CIM) mappings) setting. The best practice is to set display_value to all in your deployment going forward and to revert the extractions in your props.conf accordingly. For more information, see the Edit the display values for the ServiceNow API section of the Upgrade topic in this manual.

From the ServiceNow add-on release 7.2.1 onward, we have removed the support of HTTP_NO_TUNNEL and SOCKS4 proxy. We recommend using an HTTP or SOCKS5 proxy instead.

Fixed issues¶

Version 7.7.0 of the Splunk Add-on for ServiceNow fixes the following issues:

Known issues¶

Version 7.7.0 of the Splunk Add-on for ServiceNow contains the following known issues:

Version 7.6.0¶

Version 7.6.0 of the Splunk Add-on for ServiceNow was released on March 31, 2023.

Compatibility¶

Version 7.6.0 of the Splunk Add-on for ServiceNow is compatible with the following software, CIM versions, and platforms:


Splunk platform versions	8.1.x, 8.2.x, 9.0.x
CIM	5.1.0
Supported OS for data collection	Platform Independent
Vendor products	ServiceNow Quebec, Rome, San Diego, Tokyo, and Utah

Splunk has reviewed and updated the field aliases in this add-on for compatibility with the new field alias behavior change available from Splunk v7.3.4 and above.

For more information about the field alias configuration change, refer to the Splunk Enterprise Release Notes.

New features¶

Version 7.6.0 of the Splunk Add-on for ServiceNow includes the following new features:

Added support for ServiceNow Utah.
Enhanced the Incident Alert Action to time bound the rest API search that populate values in the account dropdown.

Version 6.3.0 and above of the Splunk Add-on for ServiceNow deprecates support for events fetched through the display_value = false (extractions and Common Information Model (CIM) mappings) setting. The best practice is to set display_value to all in your deployment going forward and to revert the extractions in your props.conf accordingly. For more information, see the Edit the display values for the ServiceNow API section of the Upgrade topic in this manual.

From the ServiceNow add-on release 7.2.1 onward, we have removed the support of HTTP_NO_TUNNEL and SOCKS4 proxy. We recommend using an HTTP or SOCKS5 proxy instead.

Fixed issues¶

Version 7.6.0 of the Splunk Add-on for ServiceNow fixes the following issues:

Known issues¶

Version 7.6.0 of the Splunk Add-on for ServiceNow contains the following known issues:

Third-party software attributions¶

Some of the components included in this add-on are licensed under free or open source licenses. We wish to thank the contributors to those projects.

Version 7.6.0 of the Splunk Add-on for ServiceNow incorporates the following third-party software.

Version 7.5.0¶

Version 7.5.0 of the Splunk Add-on for ServiceNow was released on December 14, 2022.

Compatibility¶

Version 7.5.0 of the Splunk Add-on for ServiceNow is compatible with the following software, CIM versions, and platforms:


Splunk platform versions	8.2.x, 9.0.x
CIM	5.0.1
Supported OS for data collection	Platform Independent
Vendor products	ServiceNow Quebec, Rome, San Diego, and Tokyo

Splunk has reviewed and updated the field aliases in this add-on for compatibility with the new field alias behavior change available from Splunk v7.3.4 and above.

For more information about the field alias configuration change, refer to the Splunk Enterprise Release Notes.

New features¶

Version 7.5.0 of the Splunk Add-on for ServiceNow includes the following new features:

Improved memory and CPU usage by using multi-instance mode for data collection.
Migrated from a file-based checkpointing mechanism to using KV-store instead for better reliability and performance during data ingestion.

Version 6.3.0 and above of the Splunk Add-on for ServiceNow deprecates support for events fetched through the display_value = false (extractions and Common Information Model (CIM) mappings) setting. The best practice is to set display_value to all in your deployment going forward and to revert the extractions in your props.conf accordingly. For more information, see the Edit the display values for the ServiceNow API section of the Upgrade topic in this manual.

From the ServiceNow add-on release 7.2.1 onward, we have removed the support of HTTP_NO_TUNNEL and SOCKS4 proxy. We recommend using an HTTP or SOCKS5 proxy instead.

Fixed issues¶

Version 7.5.0 of the Splunk Add-on for ServiceNow fixes the following issues:

Known issues¶

Version 7.5.0 of the Splunk Add-on for ServiceNow contains the following known issues:

Third-party software attributions¶

Some of the components included in this add-on are licensed under free or open source licenses. We wish to thank the contributors to those projects.

Version 7.5.0 of the Splunk Add-on for ServiceNow incorporates the following third-party software.

Version 7.4.1¶

Version 7.4.1 of the Splunk Add-on for ServiceNow was released on September 20, 2022.

Compatibility¶

Version 7.4.1 of the Splunk Add-on for ServiceNow is compatible with the following software, CIM versions, and platforms:


Splunk platform versions	8.2.x, 9.0.x
CIM	5.0.1
Supported OS for data collection	Platform Independent
Vendor products	ServiceNow Quebec, Rome, San Diego, and Tokyo

Splunk has reviewed and updated the field aliases in this add-on for compatibility with the new field alias behavior change available from Splunk v7.3.4 and above.

For more information about the field alias configuration change, refer to the Splunk Enterprise Release Notes.

New features¶

Version 7.4.1 of the Splunk Add-on for ServiceNow includes the following new features:

Added support for ServiceNow Tokyo.
Altered the record count range on the account configuration page from {1000 to 10000} to {1 to 10000}. The default value remains at 3000, but this change allows lower record count values (between 1 and 1000) to be used under special circumstances. See troubleshooting section for more details.

Version 6.3.0 and above of the Splunk Add-on for ServiceNow deprecates support for events fetched through the display_value = false (extractions and Common Information Model (CIM) mappings) setting. The best practice is to set display_value to all in your deployment going forward and to revert the extractions in your props.conf accordingly. For more information, see the Edit the display values for the ServiceNow API section of the Upgrade topic in this manual.

From the ServiceNow add-on release 7.2.1 onward, we have removed the support of HTTP_NO_TUNNEL and SOCKS4 proxy. We recommend using an HTTP or SOCKS5 proxy instead.

Fixed issues¶

Version 7.4.1 of the Splunk Add-on for ServiceNow fixes the following issues:

Known issues¶

Version 7.4.1 of the Splunk Add-on for ServiceNow contains the following known issues:

Third-party software attributions¶

Some of the components included in this add-on are licensed under free or open source licenses. We wish to thank the contributors to those projects.

Version 7.4.1 of the Splunk Add-on for ServiceNow incorporates the following third-party software.

Version 7.4.0¶

Version 7.4.0 of the Splunk Add-on for ServiceNow was released on July 7, 2022.

Compatibility¶

Version 7.4.0 of the Splunk Add-on for ServiceNow is compatible with the following software, CIM versions, and platforms:


Splunk platform versions	8.1.x, 8.2.x
CIM	5.0.1
Supported OS for data collection	Platform Independent
Vendor products	ServiceNow Quebec, Rome and San Diego

Splunk has reviewed and updated the field aliases in this add-on for compatibility with the new field alias behavior change available from Splunk v7.3.4 and above.

For more information about the field alias configuration change, refer to the Splunk Enterprise Release Notes.

New features¶

Version 7.4.0 of the Splunk Add-on for ServiceNow includes the following new features:

Supports either Table API or Import Set API for incident creation.
Support of CI identifier in Event integration alert action.

Version 6.3.0 and above of the Splunk Add-on for ServiceNow deprecates support for events fetched through the display_value = false (extractions and Common Information Model (CIM) mappings) setting. The best practice is to set display_value to all in your deployment going forward and to revert the extractions in your props.conf accordingly. For more information, see the Edit the display values for the ServiceNow API section of the Upgrade topic in this manual.

From the ServiceNow add-on release 7.2.1 onward, we have removed the support of HTTP_NO_TUNNEL and SOCKS4 proxy. We recommend using an HTTP or SOCKS5 proxy instead.

Fixed issues¶

Version 7.4.0 of the Splunk Add-on for ServiceNow fixes the following issues:

Known issues¶

Version 7.4.0 of the Splunk Add-on for ServiceNow contains the following known issues:

Third-party software attributions¶

Some of the components included in this add-on are licensed under free or open source licenses. We wish to thank the contributors to those projects.

Version 7.4.0 of the Splunk Add-on for ServiceNow incorporates the following third-party software.

Version 7.3.0¶

Version 7.3.0 of the Splunk Add-on for ServiceNow was released on May 11, 2022.

Compatibility¶

Version 7.3.0 of the Splunk Add-on for ServiceNow is compatible with the following software, CIM versions, and platforms:


Splunk platform versions	8.1.x, 8.2.x
CIM	5.0.1
Supported OS for data collection	Platform Independent
Vendor products	ServiceNow Quebec, Rome and San Diego

Splunk has reviewed and updated the field aliases in this add-on for compatibility with the new field alias behavior change available from Splunk v7.3.4 and above.

For more information about the field alias configuration change, refer to the Splunk Enterprise Release Notes.

New features¶

Version 7.3.0 of the Splunk Add-on for ServiceNow includes the following new features:

Added support for ServiceNow San Diego.
Updated the default value of the Source and Source instance column for the ServiceNow Event Integration.
- Before the Source column used Splunk-<hostname_of_splunk_machine> as a value and the Source instance column used Splunk as a value.
- Now the Source column uses Splunk-TA as a value and the Source instance column uses Splunk-<hostname_of_splunk_machine> as a value.

Version 6.3.0 and above of the Splunk Add-on for ServiceNow deprecates support for events fetched through the display_value = false (extractions and Common Information Model (CIM) mappings) setting. The best practice is to set display_value to all in your deployment going forward and to revert the extractions in your props.conf accordingly. For more information, see the Edit the display values for the ServiceNow API section of the Upgrade topic in this manual.

From the ServiceNow add-on release 7.2.1 onward, we have removed the support of HTTP_NO_TUNNEL and SOCKS4 proxy. We recommend using an HTTP or SOCKS5 proxy instead.

Fixed issues¶

Version 7.3.0 of the Splunk Add-on for ServiceNow fixes the following issues:

Known issues¶

Version 7.3.0 of the Splunk Add-on for ServiceNow contains the following known issues:

Third-party software attributions¶

Some of the components included in this add-on are licensed under free or open source licenses. We wish to thank the contributors to those projects.

Version 7.3.0 of the Splunk Add-on for ServiceNow incorporates the following third-party software.

Version 7.2.1¶

Version 7.2.1 of the Splunk Add-on for ServiceNow was released on February 1, 2022.

Compatibility¶

Version 7.2.1 of the Splunk Add-on for ServiceNow is compatible with the following software, CIM versions, and platforms:


Splunk platform versions	8.1.x, 8.2.x
CIM	5.0.0
Supported OS for data collection	Platform Independent
Vendor products	ServiceNow London, Madrid, New York, Orlando, Paris Quebec, and Rome

Splunk has reviewed and updated the field aliases in this add-on for compatibility with the new field alias behavior change available from Splunk v7.3.4 and above.

For more information about the field alias configuration change, refer to the Splunk Enterprise Release Notes.

New features¶

Version 7.2.1 of the Splunk Add-on for ServiceNow includes the following new features:

SSL certificate management solution.
Migrated CSV lookups to KVStore.
Support of all operators in filter parameters that ServiceNow supports.
Support of passing additional information apart from Splunk URL into the additional_info parameter for ServiceNow event integration and custom commands.
Migrated from httplib2 to requests library.
Removed the support for HTTP_NO_TUNNEL and SOCKS4 proxy.

Version 6.3.0 and above of the Splunk Add-on for ServiceNow deprecates support for events fetched through the display_value = false (extractions and Common Information Model (CIM) mappings) setting. The best practice is to set display_value to all in your deployment going forward and to revert the extractions in your props.conf accordingly. For more information, see the Edit the display values for the ServiceNow API section of the Upgrade topic in this manual.

From the ServiceNow add-on release 7.2.1 onward, we have removed the support of HTTP_NO_TUNNEL and SOCKS4 proxy. We recommend using an HTTP or SOCKS5 proxy instead.

Fixed issues¶

Version 7.2.1 of the Splunk Add-on for ServiceNow fixes the following issues:

Known issues¶

Version 7.2.1 of the Splunk Add-on for ServiceNow contains the following known issues:

Third-party software attributions¶

Some of the components included in this add-on are licensed under free or open source licenses. We wish to thank the contributors to those projects.

Version 7.2.1 of the Splunk Add-on for ServiceNow incorporates the following third-party software.

Version 7.1.1¶

Version 7.1.1 of the Splunk Add-on for ServiceNow was released on November 30, 2021.

Compatibility¶

Version 7.1.1 of the Splunk Add-on for ServiceNow is compatible with the following software, CIM versions, and platforms:


Splunk platform versions	8.0.x, 8.1.x, 8.2.x
CIM	4.18.1
Supported OS for data collection	Platform Independent
Vendor products	ServiceNow London, Madrid, New York, Orlando, Paris Quebec, and Rome

Splunk has reviewed and updated the field aliases in this add-on for compatibility with the new field alias behavior change available from Splunk v7.3.4 and above.

For more information about the field alias configuration change, refer to the Splunk Enterprise Release Notes.

New features¶

Version 7.1.1 of the Splunk Add-on for ServiceNow includes the following new features:

Fixed an issue where the add-on was only able to display up to thirty records in the list.

Version 6.3.0 and above of the Splunk Add-on for ServiceNow deprecates support for events fetched through the display_value = false (extractions and Common Information Model (CIM) mappings) setting. The best practice is to set display_value to all in your deployment going forward and to revert the extractions in your props.conf accordingly. For more information, see the Edit the display values for the ServiceNow API section of the Upgrade topic in this manual.

Fixed issues¶

Version 7.1.1 of the Splunk Add-on for ServiceNow fixes the following issues:

Known issues¶

Version 7.1.1 of the Splunk Add-on for ServiceNow contains the following known issues:

Third-party software attributions¶

Some of the components included in this add-on are licensed under free or open source licenses. We wish to thank the contributors to those projects.

Version 7.1.1 of the Splunk Add-on for ServiceNow incorporates the following third-party software.

Version 7.1.0¶

Version 7.1.0 of the Splunk Add-on for ServiceNow was released on July 12, 2021.

Compatibility¶

Version 7.1.0 of the Splunk Add-on for ServiceNow is compatible with the following software, CIM versions, and platforms:


Splunk platform versions	8.0.x, 8.1.x, 8.2.x
CIM	4.18.1
Supported OS for data collection	Platform Independent
Vendor products	ServiceNow London, Madrid, New York, Orlando, Paris and Quebec

New features¶

Version 7.1.0 of the Splunk Add-on for ServiceNow includes the following new features:

Fast and intuitive UI with an improved look and feel.
Fixed critical security issue by removing jquery2.
Removed python2 support. Splunk only supports python3 for future releases.

Version 6.3.0 and above of the Splunk Add-on for ServiceNow deprecates support for events fetched through the display_value = false (extractions and Common Information Model (CIM) mappings) setting. The best practice is to set display_value to all in your deployment going forward and to revert the extractions in your props.conf accordingly. For more information, see the Edit the display values for the ServiceNow API section of the Upgrade topic in this manual.

Fixed issues¶

Version 7.1.0 of the Splunk Add-on for ServiceNow fixes the following issues:

Known issues¶

Version 7.1.0 of the Splunk Add-on for ServiceNow contains the following known issues:

Third-party software attributions¶

Some of the components included in this add-on are licensed under free or open source licenses. We wish to thank the contributors to those projects.

Version 7.1.0 of the Splunk Add-on for ServiceNow incorporates the following third-party software.

Version 7.0.0¶

Version 7.0.0 of the Splunk Add-on for ServiceNow was released on May 4, 2021.

Compatibility¶

Version 7.0.0 of the Splunk Add-on for ServiceNow is compatible with the following software, CIM versions, and platforms:


Splunk platform versions	7.3.x, 8.0.x, 8.1.x
CIM	4.19
Supported OS for data collection	Platform Independent
Vendor products	ServiceNow London, Madrid, New York, Orlando, Paris and Quebec

The field alias functionality is compatible with the current version of this add-on. The current version of this add-on does not support older field alias configurations.

For more information about the field alias configuration change, refer to the Splunk Enterprise Release Notes.

New features¶

Version 7.0.0 of the Splunk Add-on for ServiceNow includes the following new features:

Added support for writing incidents to a custom scripted REST endpoint
Added support for ServiceNow Quebec
Added compatibility for CIM version 4.19
UI validation enhancements

Version 6.3.0 and above of the Splunk Add-on for ServiceNow deprecates support for events fetched through the display_value = false (extractions and Common Information Model (CIM) mappings) setting. The best practice is to set display_value to all in your deployment going forward and to revert the extractions in your props.conf accordingly. For more information, see the Edit the display values for the ServiceNow API section of the Upgrade topic in this manual.

Fixed issues¶

Version 7.0.0 of the Splunk Add-on for ServiceNow fixes the following issues:

Known issues¶

Version 7.0.0 of the Splunk Add-on for ServiceNow contains the following known issues:

Third-party software attributions¶

Version 7.0.0 of the Splunk Add-on for ServiceNow incorporates the following third-party software libraries:

Version 6.4.1¶

Version 6.4.1 of the Splunk Add-on for ServiceNow was released on March 4, 2021.

Compatibility¶

Version 6.4.1 of the Splunk Add-on for ServiceNow is compatible with the following software, CIM versions, and platforms:


Splunk platform versions	7.2.x, 7.3.x, 8.0.x, 8.1.x
CIM	4.18
Supported OS for data collection	Platform Independent
Vendor products	ServiceNow London, Madrid, New York, Orlando, and Paris

The field alias functionality is compatible with the current version of this add-on. The current version of this add-on does not support older field alias configurations.

For more information about the field alias configuration change, refer to the Splunk Enterprise Release Notes.

New features¶

Version 6.3.0 and above of the Splunk Add-on for ServiceNow deprecates support for events fetched through the display_value = false (extractions and Common Information Model (CIM) mappings) setting. The best practice is to set display_value to all in your deployment going forward and to revert the extractions in your props.conf accordingly. For more information, see the Edit the display values for the ServiceNow API section of the Upgrade topic in this manual.

Version 6.4.1 of the Splunk Add-on for ServiceNow includes the following new features:

Fixed a data collection issue faced when using the filter parameter. See Configure inputs for the Splunk Add-on for ServiceNow for more information on configuring the filter parameter.

Fixed issues¶

Version 6.4.1 of the Splunk Add-on for ServiceNow fixes the following issues:

Known issues¶

Version 6.4.1 of the Splunk Add-on for ServiceNow contains the following known issues:

Third-party software attributions¶

Version 6.4.1 of the Splunk Add-on for ServiceNow incorporates the following third-party software libraries:

Version 6.4.0¶

Version 6.4.0 of the Splunk Add-on for ServiceNow was released on January 25, 2021.

Compatibility¶

Version 6.4.0 of the Splunk Add-on for ServiceNow is compatible with the following software, CIM versions, and platforms:


Splunk platform versions	7.2.x, 7.3.x, 8.0.x, 8.1.x
CIM	4.18
Supported OS for data collection	Platform Independent
Vendor products	ServiceNow London, Madrid, New York, Orlando, and Paris

The field alias functionality is compatible with the current version of this add-on. The current version of this add-on does not support older field alias configurations.

For more information about the field alias configuration change, refer to the Splunk Enterprise Release Notes.

New features¶

Version 6.3.0 and above of the Splunk Add-on for ServiceNow deprecates support for events fetched through the display_value = false (extractions and Common Information Model (CIM) mappings) setting. The best practice is to set display_value to all in your deployment going forward and to revert the extractions in your props.conf accordingly. For more information, see the Edit the display values for the ServiceNow API section of the Upgrade topic in this manual.

Version 6.4.0 of the Splunk Add-on for ServiceNow includes the following new features:

Support for multiple accounts in ServiceNow event Alert Action. This adds the ability to create events in multiple ServiceNow instances simultaneously.
Enhanced user experience through instant feedback when URLs or host names are entered incorrectly, and more precise error messages.
Graceful handling of invalid ServiceNow error message: Under heavy load on a ServiceNow table, it returns an invalid JSON which was causing intermittent failures with data collection. Upon receipt of the invalid JSON the Splunk Add-on for ServiceNow will log the error and make the API call again using the last stored checkpoint values.

Fixed issues¶

Version 6.4.0 of the Splunk Add-on for ServiceNow fixes the following issues:

Known issues¶

Version 6.4.0 of the Splunk Add-on for ServiceNow contains the following known issues:

Third-party software attributions¶

Version 6.4.0 of the Splunk Add-on for ServiceNow incorporates the following third-party software libraries:

Version 6.3.1¶

Version 6.3.1 of the Splunk Add-on for ServiceNow was released on January 12, 2021.

Compatibility¶

Version 6.3.1 of the Splunk Add-on for ServiceNow is compatible with the following software, CIM versions, and platforms:


Splunk platform versions	7.1.x, 7.2.x, 7.3.x, 8.0.x, 8.1.x
CIM	4.18
Supported OS for data collection	Platform Independent
Vendor products	ServiceNow London, Madrid, New York, Orlando, and Paris

The field alias functionality is compatible with the current version of this add-on. The current version of this add-on does not support older field alias configurations.

For more information about the field alias configuration change, refer to the Splunk Enterprise Release Notes.

New features¶

Version 6.3.0 of the Splunk Add-on for ServiceNow deprecates support for events fetched through the display_value = false (extractions and Common Information Model (CIM) mappings) setting. The best practice is to set display_value to all in your deployment going forward and to revert the extractions in your props.conf accordingly. For more information, see the Edit the display values for the ServiceNow API section of the Upgrade topic in this manual.

Version 6.3.1 of the Splunk Add-on for ServiceNow includes the following new features:

Bug fixes
Enhanced compatibility with Splunk IT Service Intelligence

Fixed issues¶

Version 6.3.1 of the Splunk Add-on for ServiceNow fixes the following issues:

Known issues¶

Version 6.3.1 of the Splunk Add-on for ServiceNow contains the following known issues:

Third-party software attributions¶

Version 6.3.1 of the Splunk Add-on for ServiceNow incorporates the following third-party software libraries:

Version 6.3.0¶

Version 6.3.0 of the Splunk Add-on for ServiceNow was released on December 19, 2020.

Compatibility¶

Version 6.3.0 of the Splunk Add-on for ServiceNow is compatible with the following software, CIM versions, and platforms:


Splunk platform versions	7.1.x, 7.2.x, 7.3.x, 8.0.x, 8.1.x
CIM	4.18
Supported OS for data collection	Platform Independent
Vendor products	ServiceNow London, Madrid, New York, Orlando, and Paris

The field alias functionality is compatible with the current version of this add-on. The current version of this add-on does not support older field alias configurations.

For more information about the field alias configuration change, refer to the Splunk Enterprise Release Notes.

New features¶

Version 6.3.0 of the Splunk Add-on for ServiceNow deprecates support for events fetched through the display_value = false (extractions and Common Information Model (CIM) mappings) setting. The best practice is to set display_value to all in your deployment going forward and to revert the extractions in your props.conf accordingly. For more information, see the Edit the display values for the ServiceNow API section of the Upgrade topic in this manual.

Version 6.3.0 of the Splunk Add-on for ServiceNow includes the following new features:

Support for the OR condition in the Filter Parameters setting for filtering ServiceNow Table data.
Support for a new user interface (UI) setting titled Included Properties. This setting lets the user choose and set fields to be fetched from tables for each input.
The Record Count setting is now configurable in the UI for accounts. This lets users set the maximum number of records to be fetched at each call to the database tables from the UI.
All the historical data for an input is now collected in the first interval. This helps users collect historical data faster.
Support for version 4.18 of the Common Information Model (CIM).
Added support for the severity_id CIM field in the Ticket Management data model.
Replaced the Ticket Management Change data model mapping with the Ticket Management data model mapping for the snow_change_task event type.

Fixed issues¶

Version 6.3.0 of the Splunk Add-on for ServiceNow fixes the following issues:

Known issues¶

Version 6.3.0 of the Splunk Add-on for ServiceNow contains the following known issues:

Third-party software attributions¶

Version 6.3.0 of the Splunk Add-on for ServiceNow incorporates the following third-party software libraries:

Version 6.2.0¶

Version 6.2.0 of the Splunk Add-on for ServiceNow was released on September 30, 2020.

Compatibility¶

Version 6.2.0 of the Splunk Add-on for ServiceNow is compatible with the following software, CIM versions, and platforms:


Splunk platform versions	7.1.x, 7.2.x, 7.3.x, 8.0.x
CIM	4.16
Supported OS for data collection	Platform Independent
Vendor products	ServiceNow London, Madrid, New York, Orlando, and Paris

New features¶

Version 6.2.0 of the Splunk Add-on for ServiceNow includes the following new features:

Changed default time of from last 1 year to fetch events from last 7 days.

Fixed issues¶

Version 6.2.0 of the Splunk Add-on for ServiceNow fixes the following issues:

Known issues¶

Version 6.2.0 of the Splunk Add-on for ServiceNow contains the following known issues:

Third-party software attributions¶

Version 6.2.0 of the Splunk Add-on for ServiceNow incorporates the following third-party software libraries:

Version 6.1.0¶

Version 6.1.0 of the Splunk Add-on for ServiceNow was released on July 29, 2020.

Compatibility¶

Version 6.1.0 of the Splunk Add-on for ServiceNow is compatible with the following software, CIM versions, and platforms:


Splunk platform versions	7.1.x, 7.2.x, 7.3.x, 8.0.x
CIM	4.16
Supported OS for data collection	Platform Independent
Vendor products	ServiceNow London, Madrid, New York, and Orlando

New features¶

Version 6.1.0 of the Splunk Add-on for ServiceNow includes the following new features:

Support for default URL creation for the following custom commands: : snowevent and snowincident.
Changed default running time of saved searches from all time to last 30 days.
Support for ingestion of custom fields from ServiceNow events.
Enhanced python library structure.

Fixed issues¶

Version 6.1.0 of the Splunk Add-on for ServiceNow fixes the following issues:

Known issues¶

Version 6.1.0 of the Splunk Add-on for ServiceNow contains the following known issues:

Third-party software attributions¶

Version 6.1.0 of the Splunk Add-on for ServiceNow incorporates the following third-party software libraries:

Version 6.0.0¶

Version 6.0.0 of the Splunk Add-on for ServiceNow was released on May 8, 2020.

Compatibility¶

Version 6.0.0 of the Splunk Add-on for ServiceNow is compatible with the following software, CIM versions, and platforms:


Splunk platform versions	7.1.x, 7.2.x, 7.3.x, 8.0.0
CIM	4.15
Supported OS for data collection	Platform Independent
Vendor products	ServiceNow London, Madrid, New York, and Orlando

New features¶

Version 6.0.0 of the Splunk Add-on for ServiceNow includes the following new features:

OAuth 2.0 Authentication support
Ability to configure accounts on Splunk Cloud instances.
Ability for API to fetch incident info using incident ID.
Support for updating of custom fields that are not included with add-on.
Alignment of Splunk Drilldown in ServiceNow tickets with the same Drilldown Search in ITSI.

Fixed issues¶

Version 6.0.0 of the Splunk Add-on for ServiceNow fixes the following issues:

Known issues¶

Version 6.0.0 of the Splunk Add-on for ServiceNow contains the following known issues:

Third-party software attributions¶

Version 6.0.0 of the Splunk Add-on for ServiceNow incorporates the following third-party software libraries:

Version 5.0.1¶

Version 5.0.1 of the Splunk Add-on for ServiceNow was released on February 10, 2020.

Compatibility¶

Version 5.0.1 of the Splunk Add-on for ServiceNow is compatible with the following software, CIM versions, and platforms:


Splunk platform versions	7.0.x, 7.1.x, 7.2.x, 7.3.x, 8.0.0
CIM	4.12
Supported OS for data collection	Platform Independent
Vendor products	ServiceNow Kingston, London, Madrid, and New York

New features¶

Version 5.0.1 of the Splunk Add-on for ServiceNow includes the following new feature:

New custom command “snowincidentalert” returns the SNOW Incident URL and ticket ID when a ticket is created.

Fixed issues¶

Version 5.0.1 of the Splunk Add-on for ServiceNow fixes the following issues:

Known issues¶

Version 5.0.1 of the Splunk Add-on for ServiceNow contains the following known issues:

Third-party software attributions¶

Version 5.0.1 of the Splunk Add-on for ServiceNow incorporates the following third-party software libraries:

Version 5.0.0¶

Version 5.0.0 of the Splunk Add-on for ServiceNow was released on October 21, 2019.

Compatibility¶

Version 5.0.0 of the Splunk Add-on for ServiceNow is compatible with the following software, CIM versions, and platforms:


Splunk platform versions	7.0.x, 7.1.x, 7.2.x, 7.3.x, 8.0.0
CIM	4.12
Supported OS for data collection	Platform Independent
Vendor products	ServiceNow Kingston, London, Madrid, and New York

New features¶

Version 5.0.0 of the Splunk Add-on for ServiceNow includes the following new feature:

Support for Python 3.

Fixed issues¶

Version 5.0.0 of the Splunk Add-on for ServiceNow fixes the following issues:

Known issues¶

Version 5.0.0 of the Splunk Add-on for ServiceNow contains the following known issues:

Third-party software attributions¶

Version 5.0.0 of the Splunk Add-on for ServiceNow incorporates the following third-party software libraries:

Version 4.0.0¶

Version 4.0.0 of the Splunk Add-on for ServiceNow was released on June 19, 2019.

Compatibility¶

Version 4.0.0 of the Splunk Add-on for ServiceNow is compatible with the following software, CIM versions, and platforms:


Splunk platform versions	6.5.x, 6.6.x, 7.0.x, 7.1.x, 7.2.x, 7.3.x
CIM	4.12
Supported OS for data collection	Platform Independent
Vendor products	ServiceNow Kingston, London and Madrid

New features¶

Version 4.0.0 of the Splunk Add-on for ServiceNow includes the following new feature:

Support for multiple ServiceNow accounts
Support for ServiceNow London and Madrid

Fixed issues¶

Version 4.0.0 of the Splunk Add-on for ServiceNow fixes the following issues:

Known issues¶

Version 4.0.0 of the Splunk Add-on for ServiceNow contains the following known issues:

Third-party software attributions¶

Version 4.0.0 of the Splunk Add-on for ServiceNow incorporates the following third-party software libraries:

Version 3.1.0¶

Compatibility¶

Version 3.1.0 of the Splunk Add-on for ServiceNow is compatible with the following software, CIM versions, and platforms.


Splunk platform versions	6.5.x, 6.6.x, 7.0.x, 7.1.x, 7.2.x
CIM	4.11
Supported OS for data collection	Platform Independent
Vendor products	ServiceNow Helsinki, Istanbul, Jakarta, and Kingston

Upgrade instructions¶

This upgrade procedure is required for all users upgrading from any version prior to version 3.0.0 of the Splunk Add-on for ServiceNow, and who have not previously set the display_value field in service_now.conf to all. If you are collecting data with display_value=all, there is no need to upgrade.

The value of display_value is changed to all by default in Splunk Add-on for ServiceNow 3.0.0. But if you want to collect the display values using lookups and not directly from the API then the upgrade steps defined in Upgrade the Splunk Add-on for ServiceNow should be followed.

New features¶

Version 3.1.0 of the Splunk Add-on for ServiceNow includes the following new features:

Support for ServiceNow Kingston
Added the Configuration Management Database (CMDB) input as a default data input

Fixed issues¶

Version 3.1.0 of the Splunk Add-on for ServiceNow fixes the following issues:

Known issues¶

Version 3.1.0 of the Splunk Add-on for ServiceNow contains the following known issues:

Third-party software attributions¶

Version 3.1.0 of the Splunk Add-on for ServiceNow incorporates the following third-party library:

Httplib2 Python library.

Version 3.0.0¶

Compatibility¶

Version 3.0.0 of the Splunk Add-on for ServiceNow is compatible with the following software, CIM versions, and platforms.


Splunk platform versions	6.5.X or later
CIM	4.0 or later
Supported OS for data collection	Platform Independent
Vendor products	ServiceNow Geneva, Helsinki, Istanbul and Jakarta

New features¶

Version 3.0.0 of the Splunk Add-on for ServiceNow includes the following new features:

Support for ServiceNow Jakarta
The identify field is now configurable.
The Splunk Add-on for ServiceNow is now able to receive data from individual Assignment Groups using the ServiceNow REST API.
The ServiceNow CMDB CI Server savedsearch, which loads configuration management database (CMDB) information as a snapshot, to show which configuration items (CIs) were deleted. Deleted CIs can be viewed under the ServiceNow Sys Delete List, indexed under *"sourcetype="snow:sys_audit_delete
The Splunk Add-on for ServiceNow no longer needs lookups to perform field extractions.

Fixed issues¶

Version 3.0.0 of the Splunk Add-on for ServiceNow fixes the following issues:

Known issues¶

Version 3.0.0 of the Splunk Add-on for ServiceNow contains the following known issues:

Third-party software attributions¶

Version 3.0.0 of the Splunk Add-on for ServiceNow incorporates the Httplib2 Python library.

Version 2.9.1¶

Compatibility¶

Version 2.9.1 of the Splunk Add-on for ServiceNow is compatible with the following software, CIM versions, and platforms.


Splunk platform versions	6.4.X or later
CIM	4.0 or later
Platforms	Platform Independent
Vendor Products	ServiceNow Helsinki, Geneva, Fuji, Istanbul

New features¶

Version 2.9.1 of the Splunk Add-on for ServiceNow does not include any new features.

Fixed issues¶

Version 2.9.1 of the Splunk Add-on for ServiceNow fixes the following issues:

Known issues¶

Version 2.9.1 of the Splunk Add-on for ServiceNow contains the following known issues:

Third-party software attributions¶

Version 2.9.1 of the Splunk Add-on for ServiceNow incorporates the Httplib2 Python library.

Version 2.9.0¶

Version 2.9.0 of the Splunk Add-on for ServiceNow was released on June 27, 2016.

Compatibility¶

Version 5.0.0 of the Splunk Add-on for ServiceNow is compatible with the following software, CIM versions, and platforms:


Splunk platform versions	6.3.X or later
CIM	4.0 or later
Platforms	Platform Independent
Vendor Products	ServiceNow Helsinki, Geneva, Fuji, Istanbul

Upgrade guide¶

The upgrade notes below are intended for customers upgrading from either version 2.7.0 or 2.8.0 to version 2.9.0. If you are upgrading from a version earlier than 2.7.0, refer also to the upgrade guide for version 2.7.0 in the Release history for the Splunk Add-on for ServiceNow for additional upgrade steps.

This version of the add-on drops support for Splunk platform versions older than 6.3.X. If you are running older versions of the Splunk platform, upgrade them to a minimum of 6.3.X before upgrading the add-on.

This version of the add-on deprecates the input for the syslog table in ServiceNow. The input is still included for backwards compatibility, but Splunk recommends that you disable this input and instead enable the newly added sysevent input which is more performant. See Source types for the Splunk Add-on for ServiceNow.

New features¶

Version 2.9.0 of the Splunk Add-on for ServiceNow includes the following new features.

Date	Ticket number	Description
2016-06-01	ADDON-9369	Support for ServiceNow customers using Helsinki, Geneva or Fuji on a bare-metal deployment of ServiceNow.
2016-05-30	ADDON-8795	Support for a performance workaround to ingest display names from ServiceNow API rather than using saved searches.
2016-05-17	ADDON-5797	New modular input for sysevent table. Deprecation of syslog table.

Fixed issues¶

Version 2.9.0 of the Splunk Add-on for ServiceNow fixes the following issues:

Known issues¶

Version 2.9.0 of the Splunk Add-on for ServiceNow contains the following known issues:

Third-party software attributions¶

Version 2.9.0 of the Splunk Add-on for ServiceNow incorporates the Httplib2 Python library.

Version 2.8.0¶

Compatibility¶

Version 2.8.0 of the Splunk Add-on for ServiceNow is compatible with the following software, CIM versions, and platforms.


Splunk platform versions	6.1 or later
CIM	4.0 or later
Platforms	Platform Independent
Vendor Products	ServiceNow Geneva, Fuji, Eureka

New features¶

Version 2.8.0 of the Splunk Add-on for ServiceNow includes the following new features.

Date	Ticket number	Description
2015-12-	ADDON-5984	Support for ServiceNow version Geneva.
2015-12-	ADDON-6109	Populate incident state lookup automatically using a saved search.

Fixed issues¶

Version 2.8.0 of the Splunk Add-on for ServiceNow fixes the following issues:

Date	Defect number	Description
2015-12-01	ADDON-6733	Need to add `start_by_shell=false` to the `[snow]` stanza of inputs.conf to avoid problems with orphaned modular input processes on Ubuntu.
2015-11-29	ADDON-6101	Change incident state lookup should rely on state field rather than on incident_state field.
2015-10-20	ADDON-5982	Data returned by the ServiceNow mod input is in the form of JSON object instead of key-value pair causing lookup to fail.
2015-10-19	ADDON-5985	TA-utils calculates add-on name using the installation path, causing connection issues for customers who install the add-on in an unexpected directory.

Known issues¶

Version 2.8.0 of the Splunk Add-on for ServiceNow contains the following known issues:

Date	Defect number	Description
2016-06-08	ADDON-10123	Add-on does not support new ServiceNow API parameter “sysparm_limit” that replaces “sysparm_record_count”, causing incident data input to fail
2016-03-15	ADDON-8301	Cannot load add-on’s setup screen if a proxy is configured in `$SPLUNK_HOME/etc/splunk-launch.conf`.
2016-02-26	ADDON-7976	Indexing stops when one of the metadata fields contains special characters
2016-02-12	ADDON-7766	Add-on unable to retreive data due to unhandled 403 error
2016-01-30	ADDON-7646	FIPS mode is not supported by this add-on. For a workaround, see Add-ons and FIPS mode in the Splunk Add-ons manual.
2016-01-13	ADDON-5325	`requireClientCert=true` in `server.conf` is not supported by add-ons using modular inputs and REST. If this setting is enabled in `server.conf`, communication is broken between the modular input and splunkd and the add-on stops collecting data. The following error appears in the `splunkd.log`: “SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate.” The workaround is to set `requireClientCert=false`.
2015-10-30	ADDON-6732	Poor error message when user enters incorrect username or password in the setup UI.
2015-10-29	SPL-104398	For users running the Splunk platform on Ubuntu on versions prior to 6.3.0, the `start_by_shell=false` setting will not take effect and the Splunk platform will display a warning message on startup. Workaround: update your Splunk software to version 6.3.0 or later.
2015-09-15	ADDON-5559	Source type renames in version 2.7.0 of this add-on cause duplicate inputs to appear when you upgrade the add-on from any version previous to version 2.7.0 to version 2.7.0 or later. Workaround: Follow the upgrade guide delete the old inputs before upgrading.
2015-09-07	SPL-106370 / ADDON-5387	Cannot delete a field value when editing a custom alert action in Splunk version 6.3.0. Workaround: Replace the field value that you want to delete with a whitespace.
2015-09-07	ADDON-5349	Custom alert actions do not offer any validation for alert action fields.
2015-03-20	ADDON-3401	Add-on can successfully fetch data but fails to create incidents when user configures a ServiceNow URL ending in trailing slash or other spurious special characters.
2015-03-12	ADDON-3254	ServiceNow (all versions) sets the priority for incidents based on their urgency and impact values, ignoring any priority value passed manually via search commands or scripts. Workaround: Use the impact and urgency parameters instead of the priority value.
2014-11-18	ADDON-2334 / ADDON-5015	Bug in ServiceNow can sometimes cause the timestamp in field `sys_updated_on` to be later than “now”, which can cause incomplete search results.
2014-12-24	SPL-91709	When using Splunk platform version 6.3 or earlier on Windows, splunkd times out on setup. Workaround: Upgrade to Splunk platform version 6.4 or refresh the page and try again.

Third-party software attributions¶

Version 2.8.0 of the Splunk Add-on for ServiceNow incorporates the Httplib2 Python library.

Version 2.7.0¶

Compatibility¶

Version 2.7.0 of the Splunk Add-on for ServiceNow is compatible with the following software, CIM versions, and platforms.


Splunk platform versions	6.1 or later
CIM	4.0 or later
Platforms	Linux
Vendor Products	ServiceNow Fuji, Eureka

Upgrade guide¶

Version 2.7.0 of this add-on removes support for ServiceNow versions Dublin and Calgary. The add-on retains backwards compatibility for these versions, so no migration activity is required as a result of this change.

The 2.7.0 version of the add-on uses a different API to connect to ServiceNow. The new API uses a different variation of the database table name for five tables in ServiceNow. If you had enabled these tables in the past, disable and delete these old inputs before upgrading the add-on to avoid confusion. Your old data remains valid and searchable, but all new data is indexed using the new naming.

Disable the following five inputs in your existing add-on:
- cmdb_ci_list
- cmn_location_list
- sys_choice_list
- sys_user_group_list
- sys_user_list
Upgrade your add-on to version 2.7.0.
Open each of the new inputs and adjust the data collection start time too today to avoid collecting all historical data again.
- cmdb_ci
- cmn_location
- sys_choice
- sys_user_group
- sys_user
Enable the new inputs.
Delete the five inputs ending with _list to avoid any future confusion.

ServiceNow version upgrade guide¶

If you were previously using the Splunk Add-on for ServiceNow with version Eureka, Dublin, or Calgary and you are now upgrading your ServiceNow instance to version Fuji, note the following behavior changes affecting incident and event creation and incident update:

1. Due to changes in ServiceNow version Fuji, snowincidentstream or snow_incident.py always creates a new incident rather than updating an existing incident, unless you supply the correlation_id for the existing incident that you wish to update.

2. Also, in ServiceNow versions Eureka, Dublin, or Calgary, for incident creation or update, if the combination of category, short_description, and contact_type, subcategory, and ci_identifier are not unique to a single incident, ServiceNow attempts to treat all affected tickets as the same ticket, causing conflicts. Similarly, for event creation, if the combination of node, resource, type, and severity are not unique to a single event, ServiceNow attempts to treat all affected events as the same event, causing conflicts. In ServiceNow version Fuji, ServiceNow no longer treats similar incidents or events as the same ticket unless the user provides an identical correlation_id.

New features¶

Version 2.7.0 of the Splunk Add-on for ServiceNow includes the following new feature.

Date	Ticket number	Description
2015-09-10	ADDON-5035	On Splunk platform version 6.3.0, users can now perform push integration with ServiceNow using custom alert actions. In order to support this new feature, the argument `opened_by` is deprecated for incidents. It is now automatically set to the ServiceNow username of the account used for the Splunk integration with ServiceNow.

Fixed issues¶

Version 2.7.0 of the Splunk Add-on for ServiceNow fixes the following issues:

Date	Defect number	Description
2015-09-10	ADDON-2384 /SPL-40332	On Windows, lookup tables are not populated. Note: Fixed for Splunk platform 6.3.0 and later only.
2015-07-07	ADDON-4465	Unable to run snowincident searches on a search head cluster. Note: Fixed for Splunk platform 6.3.0 and later only.

Known issues¶

Version 2.7.0 of the Splunk Add-on for ServiceNow contains the following known issues:

Date	Defect number	Description
2015-11-30	ADDON-6733	When using dash shell (the default shell in Ubuntu), the Splunk platform does not terminate modular input processes properly. Workaround: If running the Splunk platform on Ubuntu, add `start_by_shell=false` to the `[snow]` stanza of inputs.conf.
2015-10-29	SPL-104398	For users running the Splunk platform on Ubuntu, the `start_by_shell=false` setting will not take effect and the Splunk platform will display a warning message on startup. Workaround: update your Splunk software to version 6.3.0 or later.
2015-10-19	ADDON-6101	Change incident state lookup should rely on state field rather than on incident_state field.
2015-10-08	ADDON-5982	Data returned by the ServiceNow mod input is in the form of JSON object instead of key-value pair causing lookup to fail..
2015-10-08	ADDON-5985	TA-utils calculates add-on name using the installation path, causing connection issues for customers who install the add-on in an unexpected directory.
2015-09-15	ADDON-5559	Source type renames cause duplicate inputs to appear. Workaround: Follow the migration guide to delete the old inputs before upgrading to the new version of the add-on.
2015-09-07	SPL-106370 / ADDON-5387	Cannot delete a field value when editing a custom alert action. Workaround: Replace the field value that you want to delete with a whitespace.
2015-09-07	ADDON-5349	Custom alert actions do not offer any validation for alert action fields.
2015-08-18	ADDON-4935	Due to bug in ServiceNow version Dublin, incidents created from Splunk platform have an empty incident number.
2015-03-20	ADDON-3401	Add-on can successfully fetch data but fails to create incidents when user configures a ServiceNow URL ending in trailing slash or other spurious special characters.
2015-03-12	ADDON-3254	ServiceNow (all versions) sets the priority for incidents based on their urgency and impact values, ignoring any priority value passed manually via search commands or scripts. Workaround: Use the impact and urgency parameters instead of the priority value.
2014-12-24	SPL-91709	On Windows, splunkd times out on setup.
2014-12-08	ADDON-2392	Fields in Splunk Web UI are not aligned on data input page if you zoom in.
2014-11-18	ADDON-2334 / ADDON-5015	Bug in ServiceNow can sometimes cause the timestamp in field `sys_updated_on` to be later than “now”, which can cause incomplete search results.

Third-party software attributions¶

Version 2.7.0 of the Splunk Add-on for ServiceNow incorporates the Httplib2 Python library.

Version 2.6.1¶

Compatibility¶

Version 2.6.1 of the Splunk Add-on for ServiceNow is compatible with the following software, CIM versions, and platforms.


Splunk platform versions	6.2, 6.1
CIM	4.2, 4.1, 4.0
Platforms	Linux
Vendor Products	ServiceNow Fuji, Eureka, Dublin, and Calgary

Fixed issues¶

Version 2.6.1 of the Splunk Add-on for ServiceNow fixes the following issues:

Date	Defect number	Description
08/04/15	ADDON-4004	Add-on fails with KeyError: ‘elements’ when connecting through a proxy set up in splunk-launch.conf.
08/04/15	ADDON-4449	Event navigation from ServiceNow to Splunk platform does not work in Eureka.
08/04/15	ADDON-4478	Get “Exception: Invalid proxy type=None” even with proxy setting disabled.
08/04/15	ADDON-4458	None type error thrown when URL has not been configured.
07/05/15	ADDON-4295	Overriding the autoselection of ServiceNow version does not work.

Known issues¶

Version 2.6.1 of the Splunk Add-on for ServiceNow contains the following known issues:

Date	Defect number	Description
08/18/15	ADDON-4935	Due to bug in ServiceNow version Dublin, incidents created from Splunk platform have an empty incident number.
07/06/15	ADDON-4465	Unable to run snowincident searches on a search head cluster.
03/20/15	ADDON-3401	Add-on can successfully fetch data but fails to create incidents when user configures a ServiceNow URL ending in trailing slash or other spurious special characters.
03/12/15	ADDON-3254	ServiceNow (all versions) sets the priority for incidents based on their urgency and impact values, ignoring any priority value passed manually via search commands or scripts. Workaround: Use the impact and urgency parameters instead of the priority value.
12/24/14	SPL-86716	On Windows, splunkd times out on setup.
12/08/14	ADDON-2392	Fields in Splunk Web UI are not aligned on data input page if you zoom in.
11/25/14	ADDON-2384 /SPL-40332	On Windows, lookup tables are not populated.
11/18/14	ADDON-2334 / ADDON-5015	Bug in ServiceNow can sometimes cause the timestamp in field `sys_updated_on` to be later than “now”, which can cause incomplete search results.

Third-party software attributions¶

Version 2.6.1 of the Splunk Add-on for ServiceNow incorporates the Httplib2 Python library.

Version 2.6.0¶

Compatibility¶

Version 2.6.0 of the Splunk Add-on for ServiceNow has the same compatibility specifications as version 2.6.1.

New features¶

Date	Ticket number	Description
04/14/15	ADDON-3707	Ship syslog, syslog_transaction, and sys_audit endpoints for data collecting by default
03/22/15	ADDON-3026	Support for ServiceNow version Fuji.
03/19/15	ADDON-2925	Support deep dive URLs in incidents.
03/04/15	ADDON-3236	Setup screen can automatically detect ServiceNow version.
03/04/15	ADDON-3200	Populate CSVs via saved searches for ServiceNow choice fields.

Fixed issues¶

Version 2.6.0 of the Splunk Add-on for ServiceNow fixes the following issues:

Date	Defect number	Description
04/13/15	ADDON-3678	The transpose command in the add-on conflicts with a command in the Search and Reporting app and causes problems with Splunk App for Enterprise Security.
04/10/15	ADDON-3576	Input fails on newlines in description field.
03/24/15	ADDON-2296	Workflow actions do not work in Splunk Enterprise 6.2.
03/12/15	ADDON-3302	Wildcards in sourcetype not working as expected.
03/12/15	ADDON-3254	Fail to set incident priority through search command “snowincident”
03/03/15	ADDON-3196	Commands.conf has default stanza globally impacting search commands.
02/10/15	ADDON-3022	Updates to non-mandatory parameters result in a new URL.
### Known issues

Version 2.6.0 of the Splunk Add-on for ServiceNow contains the following known issues:

Date	Defect number	Description
05/13/15	ADDON-4004	Add-on fails with KeyError: ‘elements’ when connecting through a proxy set up in splunk-launch.conf. Workaround: Do not use global proxy settings with add-ons. Instead, configure a proxy using the add-on’s built-in proxy configuration support.
03/20/15	ADDON-3401	Add-on can successfully fetch data but fails to create incidents when user configures a ServiceNow URL ending in trailing slash or other spurious special characters.
03/12/15	ADDON-3254	ServiceNow (all versions) sets the priority for incidents based on their urgency and impact values, ignoring any priority value passed manually via search commands or scripts. Workaround: Use the impact and urgency parameters instead of the priority value.
12/24/14	SPL-86716	On Windows, splunkd times out on setup.
12/08/14	ADDON-2392	Fields in Splunk Web UI are not aligned on data input page if you zoom in.
11/25/14	ADDON-2384 /SPL-40332	On Windows, lookup tables are not populated.
11/18/14	ADDON-2334	When running a search “sourcetype=snow:change_request”, the timestamp (in field sys_updated_on) is later than “now”, which can cause incomplete search results.

Third-party software attributions¶

Version 2.6.0 of the Splunk Add-on for ServiceNow incorporates the Httplib2 Python library.

Version 2.5.0¶

Compatibility¶

Version 2.5.0 of the Splunk Add-on for ServiceNow is compatible with the following software, CIM versions, and platforms.


Splunk Enterprise versions	6.2, 6.1
CIM	4.1, 4.0
Platforms	Platform independent
Vendor Products	ServiceNow Eureka, Dublin, and Calgary

New features¶

Version 2.5.0 of the Splunk Add-on for ServiceNow included the following new features.

Date	Ticket number	Description
11/25/14	ADDON-683	The add-on is now Splunk supported.
11/25/14	ADDON-683	The add-on now ingests data to Ticket Management data model.
11/25/14	ADDON-683	The add-on gets data from ServiceNow CMDB API into Splunk Enterprise for data enrichment.
11/25/14	ADDON-683	Added the ability to create new incidents and events from Splunk Enterprise.
11/25/14	ADDON-683	Added the ability to manage incidents from Splunk Enterprise if they were created from Splunk Enterprise.
11/25/14	ADDON-1889	Added prebuilt panels.
11/25/14	ADDON-1878	Add-on now routes data to the main index by default.
11/14/14	ADDON-1857	Added support for ServiceNow versions Eureka and Dublin.

Fixed issues¶

Version 2.5.0 of the Splunk Add-on for ServiceNow fixes the following issues:

Date	Defect number	Description
12/18/14	ADDON-2317	Log level “FATAL” does not work.
12/18/14	ADDON-2335	Add-on fails to create event with custom search command when specifying time_of_event.
12/13/14	ADDON-2309	There is no column for “additional info” in ServiceNow in splunk_incident.

Known issues¶

Version 2.5.0 of the Splunk Add-on for ServiceNow contains the following known issues:

Date	Defect number	Description
04/13/15	ADDON-3678	The transpose command in the add-on conflicts with a command in the Search and Reporting app and causes problems with Splunk App for Enterprise Security.
12/11/14	N/A	The custom search commands and alert-triggered scripts included in this add-on are limited in their ability to create and update events in ServiceNow, per ServiceNow design. For incident creation or update, if the combination of category, short_description, and contact_type are not unique to a single incident, ServiceNow will attempt to treat all affected tickets as the same ticket, causing conflicts. Similarly, for event creation, if the combination of node, resource, type, and severity are not unique to a single event, ServiceNow will attempt to treat all affected events as the same event, causing conflicts.
12/08/14	ADDON-2392	Fields in Splunk Web UI are not aligned on data input page.
11/18/14	ADDON-2334	When running a search “sourcetype=snow:change_request”, the timestamp (in field sys_updated_on) is later than “now”, which can cause incomplete search results.
### Third-party software attributions

Version 2.5.0 of the Splunk Add-on for ServiceNow incorporates the Httplib2 Python library.