Use workflow actions for the Splunk Add-on for ServiceNow¶
The Splunk Add-on for ServiceNow includes workflow actions that allow you to access incidents, events, change records, alerts, and knowledge base articles in ServiceNow directly from your Splunk search results.
| Workflow action | Scope | Usage |
|---|---|---|
| Open ServiceNow Alert | Any event returned by a Splunk search that has sourcetype=snow:em_event and contains the field alert with any non-null value. |
The workflow action opens the alert in ServiceNow in a new tab in your browser. |
| Open ServiceNow Change Record | Any event returned by a Splunk search that has sourcetype=snow:change_request. |
The workflow action opens the change request in ServiceNow in a new tab in your browser. |
| Open ServiceNow Event | Any event returned by a Splunk search that has sourcetype=snow:em_event. |
The workflow action opens the event in ServiceNow in a new tab in your browser. |
| Open ServiceNow Incident | Any event returned by a Splunk search that has sourcetype=snow:incident. |
The workflow action opens the incident in ServiceNow in a new tab in your browser. |
| Open ServiceNow Knowledge | Any event returned by a Splunk search that has any ServiceNow source type (sourcetype=snow*) and contains the field error. |
The workflow action opens a new tab in your browser to run a search in your ServiceNow Knowledge Base for the text of the error in your selected event. |