-30d@d now true * `itsi-cp-servicenow-indexes` sourcetype="snow:cmdb_ci*" | dedup name | table name $time_picker.earliest$ $time_picker.latest$ name name " OR name=" All * endpoint endpoint `itsi-cp-servicenow-indexes` sourcetype="snow:*" | top limit=20 endpoint $time_picker.earliest$ $time_picker.latest$ *
Change Ticket Lookup `itsi-cp-servicenow-indexes` eventtype=snow_change_request endpoint=$Snow_Instance_Endpoint$ | dedup sys_id | join cmdb_ci [ search `itsi-cp-servicenow-indexes` sourcetype="snow:cmdb_ci*" (name="$host$") | dedup sys_id | rename sys_id as cmdb_ci ] | rename name as "CI Name", dv_requested_by as "Requested By", number as Number, description as Description, assigned_to_name as "Assigned To", change_state_name as State, priority as Priority | table Number, Description, "Requested By", "CI Name", "Assigned To", State, Priority $time_picker.earliest$ $time_picker.latest$
Incident Ticket Lookup `itsi-cp-servicenow-indexes` eventtype=snow_incident endpoint=$Snow_Instance_Endpoint$ | dedup sys_id | join cmdb_ci [ search `itsi-cp-servicenow-indexes` sourcetype="snow:cmdb_ci*" (name="$host$") | dedup sys_id | rename sys_id as cmdb_ci ] | rename name as "CI Name", opened_by AS "Opened by", dv_category as Category, assignment_group_name as "Assignment Group", user as User, short_description as Description, incident_state_name as State, priority as Priority, number as Number | table Number, Description, "CI Name", Category, "Opened by", User, "Assignment Group", State, Priority $time_picker.earliest$ $time_picker.latest$