has anyone passed static values into the alert to create an incident in ServiceNow? I was able to modify the snow_incident_m.py, snow_incident_base. and snow_incident.html and successfully to create an incident in ServiceNow. (reference: https://answers.splunk.com/answers/736869/servicenow-how-do-set-extra-custom-fields-when-cre.html) However, now I want to populate some static fields in Splunk so users don't have to enter so many details. Below is an example of my snow_incident_base.py. I've added the first two ("category", "Application") and ("contact_type", "3rd-party"), both originally set to 'None', however when creating a new alert, these default values are not populating. Any suggestions? Am I missing a corresponding location in the other two files/scripts?
# (field_name, default_value)
fields = (("category", "Application"), ("short_description", None),
("contact_type", "3rd-party"), ("splunk_url", url), ("urgency", ""),
("subcategory", ""), ("state", "4"), ("comments", ""),
("location", ""), ("impact", "3"),
("correlation_id", ""),
("priority", "4"), ("assignment_group", ""),("u_caller", "Splunk Guest"), ("u_environment", "PRODUCTION"),("correlation_display", ""),
("u_incident_cause_owner", "FIS"), ("u_incident_cause_code", ""),
("u_close_code", ""), ("u_close_notes", ""),("u_root_cause_reason", ""))
("u_incident_cause_owner", "FIS"), ("u_incident_cause_code", ""),
("u_close_code", ""), ("u_close_notes", ""),("u_root_cause_reason", ""))
↧