Skip to main content

ServiceNow CMDB

The CMDB module synchronizes ServiceNow CMDB data to BigPanda for alert enrichment and correlation. Two sync modes are available:

  • CMDB v1 - Scheduled full-table export with keyset pagination. Remains available for backward compatibility.

  • CMDB v2 - Schema-aware delta sync with hash-based change detection. Only records that changed since the last sync are transmitted. CMDB v2 is the recommended mode for v3.0+ deployments.

Key Features

  • Hash-based change detection reduces API calls to delta-only records.

  • Rate-limit handling with exponential backoff (60s, 300s, 900s) and jitter for 429 responses.

  • Stale map ID recovery with automatic re-creation.

  • Configurable tables, columns, and query filters.

  • Scheduled sync interval configurable per org (default: 24 hours).

Install the Integration

Administrators can install the integration by following the steps in the instructions for installing ServiceNow.

Update the BigPanda App

If you are currently using an older version of the BigPanda ServiceNow application, you can upgrade to the latest functionality by following the instructions in the Update the BigPanda ServiceNow App documentation.

Configure the CMDB Module

  1. In ServiceNow, navigate to BigPanda > Admin > Configuration > CMDB.

  2. Select CMDB v2 (delta sync for v3.x) or CMDB v1 (full sync).

  3. For CMDB v2, enter the CMDB Enrichment V2 API Key.

  4. In the General section, enter the appropriate keys provided in the BigPanda Console Integration instructions.

    Field

    Description

    Bearer Token

    Enter the BigPanda organization key.

    API Key

    Enter the BigPanda API key.

    Incidents App Key

    Enter the ServiceNow Incidents App Key. You can obtain it from the BigPanda ServiceNow Incidents integration module.

    Change API

    Enter the BigPanda Change API.

    Telemetry Enabled

    Select this checkbox to enable exporting logging data in the integration and to receive troubleshooting and diagnostic assistance with BigPanda.

    Telemetry Endpoint

    Provide a URL for the telemetry option.

  5. Configure the CMDB section, including the tables and columns to sync, sync schedule, page size, and retry settings as needed.

    Parameter

    Description

    Example

    Active

    Select this checkbox to enable CMDB configuration.

    Table Name

    Name of the table or view to export.

    Table Key

    The key column. Make sure this column is indexed.

    Exported Columns

    A comma-delimited list of all columns to export. Do not include the key column in this list.

    Exported Override Columns

    A comma-delimited list of any columns that should replace values from an alert’s payload with the values defined in the CMDB table

    See Override Columns section below

    BigPanda Map Name

    A custom name for the CMDB export within BigPanda.

    Query Filter

    A query to filter out specific records.

    Column Mapping

    Choose specific ServiceNow Columns to rename when mapping within BigPanda.

    servicenow_column: new_name

    hostnames: hosts

    Aggregate Map

    Creates a one:many relationship leveraging the key column as the aggregate.

    See Aggregate Map section below

    Add New Button

    If you need to add an additional configuration row, click this button.

    Endpoint

    The endpoint to send exported tables and/or views.

    EU users may need to add an additional prefix.

    Page Size

    The number of records to send per page. Default 100 records.

    Max Pages

    The max number of pages to send per export. You can send up to 2,000 pages per export. Default: 10

    Max Retries

    The number of retries to attempt in the event that an export fails. Default: 3

    Retry Interval

    The number of seconds to wait between a previously failed export and a new export request. Default: 5 seconds

    Sync Interval

    How often CMDB data is sent to BigPanda. Default: 24 hrs

  6. Click Save.

CMDB query filters

Each CMDB table sync can include a ServiceNow encoded query string that limits which records are exported. To build the correct encoded-query syntax:

  1. In ServiceNow, open the table you want to filter (for example, cmdb_ci_server).

  2. Click the Show / hide filter button and build the filter visually.

  3. Click Run, then right-click the breadcrumb query at the top of the list and choose Copy query.

  4. Paste the copied encoded query into the Query Filter field for that table in the BigPanda CMDB configuration.

Aggregate Map vs. Exported Override Columns

  • Aggregate Map groups related records into arrays, similar to a SQL GROUP BY. A single record in the table key can include up to 15 unique items for each of the exported columns as an array, which is useful for parent-child relationships.

  • Exported Override Columns sets precedence for tags. If an alert tag has the same key as a field in a CMDB table, the CMDB value overrides the alert value during enrichment.

Exporting Frequency

It can take a while for the CMDB process to run, particularly for large tables or views.

Please ensure you're not sending the data too frequently, we suggest limiting it to a couple of times per day.

Aggregate Map

Like a GROUP BY in SQL, this toggle should be used whenever the values in the Table Key column contain multiple rows in other fields. Rather than only pulling in a single item, all possible values will be brought in via enrichment. This is a useful field when adding CI Relationship tables or other complex topology data to BigPanda.

For example:

The following SNOW relationship table:

parent [query key]

type [result tag]

child [result tag]

host_a

Runs::Runs on

app_a

host_a

server_of

app_b

hypervisor_a

server_of

host_a

hypervisor_a

Runs::Runs on

host_b

Will be aggregated in the BigPanda enrichment map into:

parent [query key]

type [result tag]

child [result tag]

host_a

[Runs::Runs on, server_of]

[app_a, app_b]

hypervisor_a

[server_of, Runs::Runs on]

[host_a, host_b]

A single array of result tags can only support 15 items

Exported Override Columns

Exported Override Columns determine whether a non-key column (result_tag) will replace values from an alert’s payload when it is also defined in the CMDB table.

For instance, if we take the above example and send an alert that includes parent=”host_a” and child=”app_a”, if “child” is an override column, the “child” tag’s value in BigPanda will be app_a, app_b instead of just app_a after being enriched by this CMDB table.

In this section: