
Integrate Splunk and ServiceNow: A Step By Step Guide with ZigiOps Integration Platform

The importance of systems for modern enterprises

Organizations need to keep a close eye on their performance and on each process that runs in the background of their IT infrastructure. Constant monitoring gives them detailed insights and lets them detect potential problems before they escalate. Handling issues and requests promptly is vital for maintaining high availability and keeping end-users’ satisfaction at top levels. To achieve this, companies must use advanced systems that communicate smoothly with each other. Software tools also accumulate information that can later be used to analyze and optimize their actions.

Splunk and ServiceNow are the most common “go-to” solutions when it comes to advanced monitoring and help desk systems. Their capabilities encompass vital business features that have a direct impact on overall performance. When the two tools are integrated and work in sync, their functionalities are greatly enhanced.

Let’s see what benefits there are for enterprises when they have a Splunk ServiceNow integration in place.

An Overview of Splunk and ServiceNow

Splunk is a popular IT Operations and monitoring system that helps organizations get a better overview of different processes across their IT infrastructure. Thanks to its sophisticated monitoring capabilities, Splunk enables its users to collect important business data and get actionable insights.

ServiceNow is a comprehensive help desk software. The system enables automation of incident management and faster issue resolutions – processes of crucial importance for the success of organizations. ServiceNow allows building and managing of multiple complex workflows, as well as easy creation and configuration of customized reports.

Why do businesses need to integrate Splunk and ServiceNow?

Splunk (both Splunk Enterprise and ITSI) and ServiceNow each give users the ability to maintain specific processes: monitoring is handled by Splunk, and incident management by ServiceNow.

An integration between Splunk and ServiceNow will automate the transfer of incidents, alerts, CMDB CIs and other important data. Once Splunk discovers something that needs to be escalated to ServiceNow, an integration platform will pick it up and transfer it automatically.

Here are some examples of what the two systems can achieve when working together:

  • Optimize departments’ workloads
  • Improve cross-team collaboration
  • Automate ticket creation and handling
  • Faster resolution of critical issues
  • Instant status updates for responsible employees and customers

In order for this to happen, both ServiceNow and Splunk need to be connected via an integration platform that allows for data transfer in real-time. An easy-to-use, no-code integration platform like ZigiOps establishes a safe and seamless connection between Splunk and ServiceNow in a few clicks.

With its easy-to-navigate UI and a list of pre-built templates, ZigiOps can answer even the most complex use case.

Some of the most notable benefits of deploying ZigiOps as a connector for a Splunk ServiceNow integration include:

  • instant data transfer between Splunk and ServiceNow’s systems
  • flexible workflow customization with chained and dependent actions
  • no need for coding or API experience
  • library with a list of templates, ready to be put in use
  • highly advanced retry mechanism for better error handling

Use case example

How exactly does ZigiOps connect Splunk and ServiceNow? Let’s take a closer look at one of the most common use cases related to the integration between the two.

One of the teams in the organization uses Splunk to monitor data, while another uses ServiceNow to handle issues and incoming requests.

Upon connecting the two systems, ZigiOps collects data discovered by Splunk and transfers it directly to ServiceNow. ZigiOps can sync different data types such as alerts, incidents, CMDB CIs, change requests, and custom records.

The integration platform reads the schema dynamically and can therefore transfer all related and custom fields that are available in Splunk and ServiceNow respectively.

Whenever there are updates available in the Splunk event, ZigiOps detects them and immediately updates ServiceNow. This way the integration tool synchronizes both Splunk and ServiceNow’s systems and keeps them up to date.

Setting up a Splunk ServiceNow integration with ZigiOps

Installing ZigiOps is the first step of integration – for those who use the on-prem version of the integration tool.

For the rest of the users, the integration process starts with logging in through the user interface (UI) of the cloud version of ZigiOps. Either way, it takes less than 5 minutes for the tool to establish the connection between Splunk and ServiceNow.


After logging in, we find ourselves in the system’s Dashboard. It contains all the necessary information, like health statuses of integrated systems, licenses, and other options.


From the Connected Systems menu, we can pick the systems we want to integrate – Splunk and ServiceNow.

Next, we go through the verification of the connection between ZigiOps and the two systems. This is very easy. You will only need your instance URLs and admin details. You do not need to make any changes to your ServiceNow or Splunk systems.

The integration tool also has a library with a list of pre-defined templates to choose from – a feature that saves a lot of time and effort.


Once we pick the template we want to use for the integration, ZigiOps asks us to define which of the systems should be the first (the source) and which the second (the destination). In our case, Splunk is the source, while ServiceNow is the destination. The trigger can be set to “polling”, where ZigiOps checks for updates at a predefined interval, or to “listener”, where the integration platform receives updates from the source once there is something new to transfer.


After we finish the configuration, we must define the actions that are crucial for the integration, such as filtering, field mappings, conditions, and data collection. From there on, the integration is ready. As mentioned before, ZigiOps reads the schema dynamically and provides a drop-down list of all the items that can be synchronized.


Transfer of information happens immediately. ZigiOps makes regular checks on both sides of the integration and keeps the data in them up to date.

Since ZigiOps establishes a bi-directional connection between the systems, any change in one of them is instantly present in the other.


Connecting ITOM and ITSM systems helps organizations obtain a clear view and control over internal operations. Integration platforms like ZigiOps make this possible. The process of connecting Splunk and ServiceNow not only enhances their capabilities but brings a lot of benefits, especially when done via an out-of-the-box platform like ZigiOps. Interested to learn more? Book a technical demo to see the Splunk – ServiceNow integration in action.