Thank you for your feedback.
Form temporarily unavailable. Please try again or contact docfeedback@servicenow.com to submit your comments.

Multiple-record, custom field Splunk alerts

Log in to subscribe to topics and get notified when content changes.

Multiple-record, custom field Splunk alerts

Multi-record alerts (defined using the Create Multiple ServiceNow Security Incidents and Create Multiple ServiceNow Security Events trigger actions) can automatically create records with any set of fields supported.

These act differently from the other alert actions in that default values are provided. However, most of the data comes from the search result for that alert.

Note: In previous versions of the add-on and this documentation, scripted alerts were supported. That feature has been deprecated and replaced by these instructions.
Feedback