ServiceNow Is Available in Splunk Enterprise!

Many of our customers have shared  their top challenges with ServiceNow, some of which we have highlighted below. Which of these are you hearing, saying, or wish you could do now?

• How can I see results across all of my ServiceNow instances?
• How can I get results in 2-clicks  for my highest priority items across my enterprise?
• How can I see a dynamic map of dependencies across my systems?
• How can I quickly get all critical ServiceNow data into Splunk and see results in minutes? 
   

Splunk can help you answer these ServiceNow questions and many more. In this blog I will highlight one solution we recently released to address these challenges, specifically with the Splunk Content Pack for ServiceNow.

The new Splunk Content Pack for ServiceNow brings in key data such as: events, change requests, incidents, and business applications from all of your ServiceNow instances into Splunk, and makes it all easily visible and available, so that you can make informed business decisions. You may recall that we recently archived the Splunk App for ServiceNow. The Splunk Content Pack for ServiceNow is the new and improved version. 

This new Content Pack provides: 1 Service Analyzer, 4 Services, 12 Key Performance Indicators (KPIs), 10 Dashboards, 4 Glass Tables, 1 Technology Add-On (TAs), 4 Entity Types, and 15 Vital Metrics. As a result, you’ll get results within minutes not days, and get full visibility and awareness across all of your ServiceNow instances and enabling IT Operations, SRE’s  / DevOps / DevSecOps, Business & IT Executives to understand and act. 

It’s FREE with both Splunk IT Essentials Work (ITE Work) and Splunk IT Service Intelligence (ITSI), but you might already recall that from my blogs on our Splunk Content Packs for Microsoft Exchange and Microsoft 365 and 3rd Party APM and Splunk Observability Cloud.

^{Figure 1-1. Content Pack for ServiceNow: Executive Glass Table}

Install & Configure [Simple & Fast]

As we continue to create new, free and easy ways to extend the value of Splunk , we also are focused on speed to results. Below you will see step by step instructions in the “Install and Configure” sections of this blog, so you can see how simple this is, and the speed to results you can achieve. 

Install

You will find the Splunk Content Pack for ServiceNow bundled within the Splunk App for Content Packs v1.5.0 and up. Upon opening the app, select the icon representing this content pack, and within 60 seconds it is installed.

Configure

Then you will configure the Splunk Add-On for ServiceNow, so to start bringing data in from your ServiceNow instances, and this only takes a few minutes.

Glass Tables in Splunk Content Pack for ServiceNow

Glass Tables enable you to visualize and monitor the relationships and dependencies across your IT and business services. You can use Glass Tables to create dynamic contextual views of your IT topology or business processes and monitor them in real-time. You can add metrics like KPIs, ad hoc searches, and service health scores that update in real-time against a background that you design. Glass Tables show real-time data generated by KPIs and services.

The Splunk Content Pack for ServiceNow includes four (4) preconfigured Glass Tables providing insights across your key services, KPI’s, and entities; all relating to: events, incidents, and change Requests. There are a number of personas which this is relevant, some we have highlighted below, along with why this is important to them.

• IT Operations: As a member (or head) of the IT Operations team, I need to have visibility into the state of events, incidents and change requests, so to ensure services are delivered to all customers without interruption.
• CIO / CTO: As the CIO, CTO(s) or member of these offices, I need to ensure full visibility and awareness of our key systems and applications, ensuring our business leaders are able to operate our business without interruption or incident. 
• Business Leader: As a business leader or member of the business team, I need to have visibility to known events, incidents, and change requests, so we can operate our business effectively and serve our customers with speed and efficiency.
• Support Analysts: As a member (or head) of Customer or Operations support team, I would like immediate insights into the state of events, incidents and change requests, enabling our group to best serve (being informed and aware) our constituents quickly and with accurate information to critical services and systems. 
• DevOps / SRE: As a member (or head) of the engineering team, correlation and telemetry across observability and other data sets (including: events, incidents and change requests) are the insights we need, so as to deliver services without interruption to our stakeholders.
• DevSecOps: As a member (or head) of the DevSecOps team or practice, I need to provide insights into the lower and production environments and observe events, incidents and change requests trends and results, to increase accountability for security to deliver secure services faster with reduced business and customer risk consistently.
   

Within the Splunk Content Pack for ServiceNow, we have provided the 4 Glass Tables: [please do remember it is simple to clone and make these examples your own, often only taking minutes]

1. Executive Glass Table
2. Events Glass Table
3. Incidents Glass Table
4. Change Requests Glass Table
    

Glass Table: Executive Glass Table

The Executive Glass Table, delivers rolled-up insights across 5 major areas: Overall Health, Events, Change Requests, Incidents, and Business Applications. 

In a single view, you get a quick and real-time update as to what is going on across all of your ServiceNow instances, providing single-click access to additional details.

In addition to colors showing the current state, you also see trends for each of these major areas, enabling you to make this interactive glass table available within your NOC and/or SOC on a 40 foot wall and/or a 3rd monitor for your stakeholders.

How do you get these insights today?

^{Figure 1-2. Content Pack for ServiceNow: Executive Glass Table}

Glass Table: Events Glass Table

This Events Glass Table provides a top level view across all your ServiceNow instances, specific Events information, and a few key charts. 

The top level view includes: Overall Health, Events, Change Requests, Incidents, and Business Application. Next level down, you have a quick overview of the 4 major elements specific to Events: Event Notes, Event Resources, Event Severity, and Event Type. Lastly, you can find results in tables for: Events State by Top 10 Nodes, Events by Resources, Events by Severity, and Events by Type.

After you click into the details, with another click you will move into your ServiceNow instance embedded deep link, providing you with results fully in context. Getting you to the specific item of interest in just 2 clicks and seconds.

^{Figure 1-3. Content Pack for ServiceNow: Events Glass Table}

Glass Table: Incidents Glass Table

The Incidents Glass Table provides a top level view across all your ServiceNow instances, specific events information, and a few key charts. Do you see the continuity and consistency? 

The top level view includes: Overall Health, Events, Change Requests, Incidents, and Business Application. Next level down, you have a quick overview of the 4 major elements specific to Incidents: P1 Incidents, Incidents Closed, Incidents New, and Incidents Open. And, lastly, you can find results in tables for: Incidents Bubble Chart, Incidents (not Closed or Canceled) by Geography.  

After you click into the details, with another click you will move into your ServiceNow instance embedded deep link, providing you with results fully in context. Getting you to the specific item of interest in just 2 clicks and seconds.

How do you do this today?

^{Figure 1-4. Content Pack for ServiceNow: Incidents Glass Table}

Glass Table: Change Requests Glass Table

The Change Requests Glass Table provides a top level view across all your ServiceNow instances, specific events information, and a few key charts.

The top level view includes: Overall Health, Events, Change Requests, Incidents, and Business Application. Next level down, you have a quick overview of the 3 major elements specific to Change Requests: Request Approvals, Requests Closed, and Requests Open. And, lastly, you can find results in tables for: Change Requests by State, Change Requests by Priority, Change Approval Time by Approver, Change Schedule, and Change Ticket Lookup.  

After you click into the details, with another click you will move into your ServiceNow instance embedded deep link, providing you with results fully in context. Getting you to the specific item of interest in just 2 clicks and seconds.

^{Figure 1-5. Content Pack for ServiceNow: Change Requests Glass Table}

For more information about glass tables, see Overview of the glass table editor in ITSI and a video Getting started with Splunk ITSI Glass Tables.

Service Analyzer, Services, and KPIs in the Content Pack for ServiceNow

The Splunk Content Pack for ServiceNow includes: 1 Service Analyzer, 4 Services and 12 KPI’s, 4 Glass Tables, 4 Entity Types, 15 Vital Metrics, and 10 Dashboards. We will get into some of these details here.

Service Analyzer

The Service Analyzer is the home page for Splunk ITSI and serves as your starting point for monitoring your IT operations. The Service Analyzer enables you to see the live health of your IT environment at a glance.

The Service Analyzer provides an overview of ITSI service health scores and KPI search results that are currently trending at the highest severity levels. Use the Service Analyzer to quickly view the status of IT operations and to identify services and KPIs running outside expected norms. Click on any tile in the Service Analyzer to drill down to the deep dives for further analysis and comparison of search results over time.

There are two service analyzer views: the tile view and the tree view. You can drill down to more detailed information from each view to investigate services with poor health scores.

Within this Service Analyzer we are viewing in “Tree View” and can clearly see each of the 4 Services, and also their ‘status’ with regards to how the underlying KPI’s are reporting

^{Figure 1-6. Content Pack for ServiceNow: Service Analyzer - Tree View}

Services

A Service is a logical mapping of IT objects that applies to your business goals. The definition of a service is fairly broad. Create business and technical services that model those within your environment. Some services might have dependencies on other services. Services contain KPIs which make it possible to monitor service health, perform root cause analysis, receive alerts and ensure that your IT operations are in compliance with business service-level agreements (SLAs).

Below you will find the ‘Tile View’ of the Splunk Content Pack ServiceNow view in Service Analyzer. As you can see this provides you with insights across all 25+ Services, and to their status for the given time range selected, along with the ability to one-click into more results for any of these Services to see the KPI’s, Entities and more.

^{Figure 1-7. Content Pack for ServiceNow: Service Analyzer - Tile View}

KPI’s

A Key Performance Indicator (KPI) is a recurring saved search that returns the value of an IT performance metric, such as CPU load percentage, memory used percentage, response time, and so on. A KPI is used to monitor the health of a service.

You create a KPI within a specific service. It defines everything needed to generate searches to understand the underlying data, including how to access, aggregate, and qualify with thresholds. You can use the search result values to monitor service health, check the status of IT components, and troubleshoot trends that might indicate an issue with your IT systems.

Within the Splunk Content Pack for ServiceNow, we include 12 KPI’s, so you have deep insights across your ServiceNow insights. As you can see in the below screenshot, access to the results are simply one-click away. You can also quickly see the underlying Entities and how each is reporting.

^{Figure 1-8. Content Pack for ServiceNow: Service Analyzer - KPI’s - Entities}

Entity Types and Vital Metrics in the Splunk Content Pack for ServiceNow

Entity Types and Vital Metrics

The Splunk Content Pack for ServiceNow includes custom Entity Types. You can use associations to visualize and troubleshoot various entities. 

The content pack includes 4 custom Entity Types.

1. CMDB
2. Change Requests
3. Event
4. Incident
   
   
   

^{Figure 1-9. Content Pack for ServiceNow: Infrastructure Overview - Entity Types}

Vital Metrics

Within the Splunk Content Pack for ServiceNow you will receive 15 vital metrics out of the box. These show a critical summary within the Entity Type via a set of Vital Metrics which describe the overall health of entities of that type. You can view these metrics on the Entity Health page and drill down further into individual entities. 

^{Figure 1-10. Content Pack for ServiceNow: Infrastructure Overview - Vital Metrics}

You can optionally add, modify, or delete the preconfigured entity types. For instructions to create and edit entity types, see Create custom entity types in ITSI. 

Dashboards in Splunk Content Pack for ServiceNow

A dashboard is used to represent tables or charts which are related to some business meaning. It is done through panels. The panels in a dashboard hold the chart or summarized data in a visually appealing manner. We can add multiple panels, and hence multiple reports and charts to the same dashboard.

Within the Splunk Content Pack for ServiceNow, we have provided 10 Dashboards to provide easy access to valuable information in a quick and easy manner for you.

1. Overview
2. Auto-Created Incidents
3. Change Performance
4. Change Tasks
5. CMDB
6. CMDB Overview
7. Events
8. Incident Performance
9. Incidents Inspector
10. Open Incidents by Geography 
     

Below is the Overview dashboard, providing you with insights from across all of your ServiceNow instances, so as to be quickly informed on all status’ and activities across your organization.

^{Figure 1-11. Splunk Content Pack for ServiceNow: Overview dashboard} 

Next Steps

I trust that was a great overview of this Content Pack, so now you have what you need to get started and get the value for yourself. If you learn better through watching a video, or simply want more...check out our Splunk Content Pack for ServiceNow Overview Video. 

Now you know all about the Splunk Content Pack for ServiceNow, and it is time to install it and get the value for yourself!

For detailed installation steps, see Install and configure the Content Pack for ServiceNow.

This blog post was authored by Todd DeCapua, Field Solutions Engineer [IT & Observability] at Splunk with special help from: Adam Schalock and Jeremy Hicks at Splunk.