Operational and Predictive Intelligence - Ideas Portal
The ServiceNow incident ticket is initially created when a new episode is generated in Splunk, using data from the first event. As additional events are collected within the same episode, they may contain relevant information that should be added to the existing incident ticket.
This additional information can include details related to a specific interface run (in case of interface errors) and may contain critical document numbers (e.g., invoice numbers) that are necessary for resolving the incident.
Currently, the Splunk to ServiceNow connector only creates the incident ticket without updating it as more events are gathered in the episode. We propose enhancing the connector by adding an update feature that allows the incident ticket to be continuously updated with new information from subsequent events within the same episode until the ticket is closed.
