ServiceNow integration with Elasticsearch

Elastic Stack Elasticsearch
1

Hi,

I have a setup of ELK Stack 7.5.1 to visualize/analyse different kind of logs in our environment. Now, I have a serviceNow of tool where we raise ticket.
I want to integrate serviceNow with elasticsearch is there any direct integration available?
Please help.

Thanks,
Regards,
Tahseen

2

Hi @tahseen_fatima - Could you tell us more about your use case and what you would expect as part of the integration with ServiceNow?

3

HI,
Firstly thank you for the reply.

We are using serviceNow Madrid ticketing tool,
my use case is: whoever raised a new ticket in serviceNow that ticket should automatically ingest it to elasticsearch.
After that we can able to analysize.

Thanks,
Regards,
Tahseen

4

@tahseen_fatima Thank you for the information provided.

There is no out-of-the-box integration between Elasticsearch and ServiceNow.

I am not an expert with ServiceNow, but these ideas below could be worth exploring:

  • Use Logstash and the http_poller input plugin to retrieve data from the incident table in ServiceNow.
  • Looking at the documentation in ServiceNow, it might be possible to define a business rule when an event is triggered and use the outbound REST web service (e.g. calling Logstash / Elasticsearch APIs to ingest documents).

I hope that helps.

5

Hi,
Thank you for the reply.

This is my logstash config file:

input {
  http_poller {
    urls => {
      url => "https://dev68751.service-now.com"
        }
    request_timeout => 60
    #proxy => { host => "0.0.0.0" port => "443" scheme => "http"}
    schedule => { cron => "* * * * * UTC"}
    metadata_target => "http_poller_metadata"
    codec => "json"
    user => "admin"
    password => "*****@"
  }
}
output {
  stdout {
    codec => rubydebug
  }
}

The output I am getting.

.base');\nvar $targets = angular.element('*[concourse-compilation-target]');\nvar bootstrapModule = angular.module('appBootstrap', window.NOW.ngLoadModules);\nangular.bootstrap(document.documentElement, [bootstrapModule.name]);\nscheduleCompilation($targets);\n}\nangular.element(document).ready(function() {\nsetTimeout(bootstrap)\n});\n})(angular, window);\n;\n</script></body></html>",
                    "tags" => [
        [0] "_jsonparsefailure"
    ],
    "http_poller_metadata" => {
           "times_retried" => 0,
                    "host" => "tahseen",
        "response_headers" => {
                              "expires" => "0",
                                 "date" => "Fri, 07 Feb 2020 06:40:51 GMT",
                               "pragma" => "no-store,no-cache",
                      "x-frame-options" => "SAMEORIGIN",
                         "content-type" => "text/html;charset=UTF-8",
                       "x-is-logged-in" => "false",
            "strict-transport-security" => "max-age=63072000; includeSubDomains",
                     "x-transaction-id" => "f0602b7ddb76",
                               "server" => "ServiceNow",
                      "referrer-policy" => "same-origin",
                        "cache-control" => "no-cache,no-store,must-revalidate,max-age=-1",
                    "transfer-encoding" => "chunked",
                           "set-cookie" => [
                [0] "JSESSIONID=817CE4D2BCCD20095554E7EB311FA0E8; Path=/; HttpOnly;Secure",
                [1] "glide_user=; Max-Age=0; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/; HttpOnly;Secure",
                [2] "glide_user_session=; Max-Age=0; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/; HttpOnly;Secure",
                [3] "glide_user_route=glide.d0049332062fb78bdaadecdaf9983d3c; Max-Age=2147483647; Expires=Wed, 25-Feb-2088 09:54:58 GMT; Path=/; HttpOnly;Secure",
                [4] "BIGipServerpool_dev68751=192960522.64064.0000; path=/; Httponly; Secure"
            ]
        },
        "response_message" => "OK",
         "runtime_seconds" => 2.023368,
                    "name" => "url",
                 "request" => {
               "url" => "https://dev68751.service-now.com",
            "method" => "get"
        },
                    "code" => 200
    }
}

Why it is giving "_jsonparsefailure"

Kindly help.

Thanks,
Tahseen

6

@tahseen_fatima - the url is not correct - this is not a valid ServiceNow REST API endpoint.

You should check the REST API reference from ServiceNow and choose which REST API endpoint you wish to use.

7

Hi,

Now I am giving this url
url => "https://dev***.service-now.com//api/now/table/incident?sysparm_query=number=INC0000601"

No I am getting the following output.

image
image1440×900 132 KB

image
image1440×900 121 KB

Now I am getting the proper output.

But I want to ingest multiple incidents. Kindly refer the below image.

Screenshot from 2020-02-07 13-33-56
Screenshot from 2020-02-07 13-33-561440×900 126 KB

Thanks,
Tahseen

8

@tahseen_fatima - I am not an expert in ServiceNow API but from what I can see, the previous url is matching a specific incident number (i.e. sysparm_query=number=INC0000601). You would need to check which query parameters would return to you the list of desired documents.

1 Like
9

Okay!!
Thanks for your help.

Tahseen.

1 Like
10

Hi,

Thanks for the help,
I have solved the issue.

This is my new url.
url => "https://dev68751.service-now.com/api/now/table/incident?sysparm_display_value=false&sysparm_fields=number%2Cstate%2Cpriority&sysparm_limit=10"

output:

Screenshot from 2020-02-07 15-51-59
Screenshot from 2020-02-07 15-51-591440×900 104 KB

Now I am getting the full data.

Thanks,
Tahseen

1 Like
11

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.