UXM and ServiceNow integration
Setting up integration between UXM (Splunk) and ServiceNow involves configuring both platforms to communicate effectively so that events and incidents detected in Splunk can be automatically sent to ServiceNow for further action or resolution.
ServiceNow configuration
Follow the guide to set and configure Splunks ServiceNow integration: Splunks ServiceNow integration
The following app will be installed on ServiceNow and Splunk will be able to query the API and create/pull incients.
UXM configuration
Splunk Add-on for ServiceNow needs to be installed. This needs to be downloaded from the following link:
Open the Add-on and configure the ServiceNow service account using either Basic or OAth2 authentication:
Incidents can be import to Splunk/UXM via input_name incident.
Alerts can be send to ServiceNow from Scheduled Saved Searches either as Incidents or Events, UXM needs to know the values for the following, which could be custom at customers:
- State
- Contact Type
- Assignment Group
- Category
- Subcategory
- Impact
- Urgency
- Priority
Correlation ID can be used to only create 1x incident and reopen/append to that incident if it already exists: