Deploiement_Server/deployment-apps/DA-ITSI-CP-SERVICENOW/default/savedsearches.conf

[ITSI Import Objects - SNOW_Change_Requests]
action.email.show_password = 1
action.itsi_import_objects = 1
action.itsi_import_objects.param.backfill_enabled = 0
action.itsi_import_objects.param.entity_identifier_fields = entity_title
action.itsi_import_objects.param.entity_informational_fields = endpoint_id, snow_endpoint, endpoint
action.itsi_import_objects.param.entity_merge_field = entity_title
action.itsi_import_objects.param.entity_title_field = entity_title
action.itsi_import_objects.param.entity_type_field = entity_type
action.itsi_import_objects.param.service_enabled = 1
action.itsi_import_objects.param.service_team = default_itsi_security_group
action.itsi_import_objects.param.service_templates_config = {}
action.itsi_import_objects.param.update_type = upsert
alert.track = 0
cron_schedule = */10 * * * *
dispatch.earliest_time = -60m
dispatch.latest_time = now
enableSched = 1
disabled = 1
search = `itsi-cp-servicenow-indexes` eventtype=snow_change_request `itsi-cp-servicenow-search-range` | dedup endpoint \
| eval endpoint_id = replace(endpoint,"https://","") \
| eval snow_endpoint = mvindex(split(mvindex(split(endpoint,"/"),2),"."),0) \
| eval entity_type="SNOW Change Request", entity_title=snow_endpoint + "::SNOW Change Request" \
| table endpoint_id, endpoint, entity_type, entity_title, snow_endpoint

[ITSI Import Objects - SNOW_Events]
action.email.show_password = 1
action.itsi_import_objects = 1
action.itsi_import_objects.param.backfill_enabled = 0
action.itsi_import_objects.param.entity_identifier_fields = entity_title
action.itsi_import_objects.param.entity_informational_fields = endpoint_id, snow_endpoint, endpoint
action.itsi_import_objects.param.entity_merge_field = entity_title
action.itsi_import_objects.param.entity_title_field = entity_title
action.itsi_import_objects.param.entity_type_field = entity_type
action.itsi_import_objects.param.service_enabled = 1
action.itsi_import_objects.param.service_team = default_itsi_security_group
action.itsi_import_objects.param.service_templates_config = {}
action.itsi_import_objects.param.update_type = upsert
alert.track = 0
cron_schedule = */10 * * * *
dispatch.earliest_time = -60m
dispatch.latest_time = now
enableSched = 1
disabled = 1
search = `itsi-cp-servicenow-indexes` eventtype=snow_em_event `itsi-cp-servicenow-search-range` | dedup endpoint \
| eval endpoint_id = replace(endpoint,"https://","") \
| eval snow_endpoint = mvindex(split(mvindex(split(endpoint,"/"),2),"."),0)\
| eval entity_type="SNOW Event", entity_title= snow_endpoint + "::" + "SNOW Event" \
| table endpoint_id, endpoint, entity_type, entity_title, snow_endpoint

[ITSI Import Objects - SNOW_Incidents]
action.email.show_password = 1
action.itsi_import_objects = 1
action.itsi_import_objects.param.backfill_enabled = 0
action.itsi_import_objects.param.entity_identifier_fields = entity_title
action.itsi_import_objects.param.entity_informational_fields = category, endpoint_id, snow_endpoint, endpoint
action.itsi_import_objects.param.entity_merge_field = entity_title
action.itsi_import_objects.param.entity_title_field = entity_title
action.itsi_import_objects.param.entity_type_field = entity_type
action.itsi_import_objects.param.service_enabled = 1
action.itsi_import_objects.param.service_team = default_itsi_security_group
action.itsi_import_objects.param.service_templates_config = {}
action.itsi_import_objects.param.update_type = upsert
alert.track = 0
cron_schedule = */10 * * * *
dispatch.earliest_time = -60m
dispatch.latest_time = now
enableSched = 1
disabled = 1
search = `itsi-cp-servicenow-indexes` eventtype=snow_incident `itsi-cp-servicenow-search-range` | dedup endpoint \
| eval endpoint_id = replace(endpoint,"https://","") \
| eval snow_endpoint = mvindex(split(mvindex(split(endpoint,"/"),2),"."),0)\
| eval entity_type="SNOW Incident", entity_title=snow_endpoint+"::SNOW Incident" \
| table category, endpoint_id, endpoint, entity_type, entity_title, snow_endpoint

[ITSI Import Objects - SNOW_CMDB]
action.itsi_import_objects = 1
action.itsi_import_objects.param.backfill_enabled = 0
action.itsi_import_objects.param.entity_description_fields = description
action.itsi_import_objects.param.entity_identifier_fields = entity_title
action.itsi_import_objects.param.entity_informational_fields = child,parent,parent_type,snow_endpoint,endpoint
action.itsi_import_objects.param.entity_merge_field = entity_title
action.itsi_import_objects.param.entity_title_field = entity_title
action.itsi_import_objects.param.entity_type_field = entity_type
action.itsi_import_objects.param.service_enabled = 1
action.itsi_import_objects.param.service_team = default_itsi_security_group
action.itsi_import_objects.param.service_templates_config = {}
action.itsi_import_objects.param.update_type = upsert
alert.track = 0
cron_schedule = 30 * * * *
dispatch.earliest_time = -60m
dispatch.latest_time = now
enableSched = 1
disabled = 1
search = `itsi-cp-servicenow-indexes` eventtype=snow_cmdb_rel_ci endpoint="*" `itsi-cp-servicenow-search-range` \
| eval parent_id = dv_sys_id, sys_id = parent, parent_type = dv_type, parent_name = dv_parent, child_name = dv_child \
| table parent_type parent_id sys_id parent_name child_name endpoint \
| join sys_id type=outer \
    [ search `itsi-cp-servicenow-indexes` sourcetype="snow:cmdb" endpoint="*" `itsi-cp-servicenow-search-range`] \
| eval child = coalesce(name,dv_name,dv_child,child_name) \
| eval parent = coalesce(parent_name,dv_parent) \
| eval snow_endpoint = mvindex(split(mvindex(split(endpoint,"/"),2),"."),0) \
| eval entity_title = snow_endpoint +"::"+ parent +"::"+ child \
| eval entity_type = "SNOW CMDB" \
| eval description = "(" + snow_endpoint + ") "+ parent +" "+ parent_type +" "+ child \
| eval parent_type = entity_title +"::"+ parent_type \
| table child parent entity_title entity_type parent_type snow_endpoint endpoint description \
| dedup parent child