> Continuous Process Improvement > Change Management > ServiceNow > Data Template

Your Change Management Data Template

ServiceNow

Change Management Attributes (20) Change Management Activities (13) Extraction Guides (3)

Your Change Management Data Template

This template provides a structured approach to collecting the essential data required for effective process mining of your Change Management workflow. It outlines recommended attributes and activities to track, along with practical guidance for data extraction. Use this resource to prepare your data for comprehensive analysis and optimization.

Recommended attributes to collect
Key activities to track for accurate process discovery
Guidance for extracting data from ServiceNow

New to event logs? Learn how to create a process mining event log.

Download Template

Change Management Attributes

These are the recommended data fields to include in your event log for a comprehensive analysis of your change management process.

3 Required 7 Recommended 10 Optional

	Name	Description
	Change Request ID ChangeRequestNumber	The unique identifier for a change request, serving as the primary case ID for grouping all related events.
Description The Change Request ID is the cornerstone of the change management process analysis. It is a unique number assigned to each change request, such as 'CHG0030001', that links all activities, approvals, and tasks together. In process mining, this attribute is used to reconstruct the end-to-end journey of every individual change. It allows analysts to trace the complete lifecycle from creation to closure, providing a coherent view of how each change progresses through the system. Analyzing processes grouped by this ID is essential for calculating cycle times, identifying rework loops, and understanding process variants. Why it matters This ID is essential for tracking the entire lifecycle of a change, enabling a complete analysis of process flow, duration, and compliance for each request. Where to get ServiceNow table: change_request, Field: number Examples CHG0030001CHG0030045CHG0030112
	Event Time EventTime	The precise timestamp when a specific activity or event occurred.
Description Event Time records the exact date and time that an activity was performed or a status change was registered. This timestamp is critical for ordering events chronologically and for all duration-based analysis. In process mining, this attribute enables the calculation of cycle times, processing times, and waiting times between activities. It is essential for dashboards that analyze performance, such as Change Approval Cycle Time and End-to-End Change Process Flow. Accurate timestamps are the foundation for identifying delays and measuring process efficiency against SLAs. Why it matters This timestamp is crucial for sequencing events correctly and calculating all time-based metrics, including cycle times, durations, and SLA adherence. Where to get ServiceNow table: sys_audit, Field: sys_created_on. This provides the timestamp for each recorded change. Examples 2023-10-26T10:00:00Z2023-10-26T11:30:15Z2023-10-27T14:05:00Z
	Activity Name ActivityName	The name of a specific event or task that occurred within the change management process.
Description The Activity Name describes a discrete step or status change in the lifecycle of a change request. Examples include 'Change Awaiting Assessment', 'Approval Requested', and 'Change Implemented'. These activities form the nodes in the discovered process map. Analyzing these activities allows for a detailed examination of the process flow. By tracking the sequence and frequency of activities, organizations can identify common paths, deviations from the standard process, and bottlenecks where changes frequently stall. This is fundamental for visualizing the process and calculating metrics like transition times between steps. Why it matters It forms the backbone of the process map, allowing for visualization of the process flow, identification of bottlenecks, and analysis of deviations. Where to get Derived from changes in the 'state' field or other key status fields in the 'change_request' table, often captured in the 'sys_audit' table. Examples Change ApprovedImplementation StartedChange ClosedChange Canceled
	Assignment Group AssignmentGroup	The team or group responsible for the change request.
Description The Assignment Group indicates which team is currently responsible for the change request, such as 'CAB Approval', 'Network Engineering', or 'Database Administrators'. This is a critical dimension for analyzing process performance across different functional areas. This attribute is used to measure team-level efficiency, identify bottlenecks within specific groups, and analyze the effectiveness of handoffs between teams. Dashboards like 'Cross-Functional Handoff Efficiency' and 'Change Implementation Throughput' rely heavily on this data to pinpoint delays caused by inter-team dependencies. Why it matters Enables performance analysis by team, highlighting group-specific bottlenecks and measuring the efficiency of handoffs between different functional areas. Where to get ServiceNow table: change_request, Field: assignment_group Examples CAB ApprovalNetwork TeamServer SupportDatabase Administrators
	Change State ChangeState	The current or historical state of the change request, such as 'Assess', 'Authorize', 'Implement', or 'Closed'.
Description The Change State attribute represents the status of a change request at a given point in time. It provides a high-level summary of where the change is in its lifecycle. Unlike the Activity, which represents a specific event, the State is the condition resulting from that event. In analysis, Change State is used to categorize cases and understand their outcomes. It is fundamental for filtering changes, for example, to analyze only 'Closed' changes or investigate why many changes are stuck in the 'Authorize' state. It directly supports KPIs like Change Failure Rate when a 'Failed' state exists. Why it matters Provides a snapshot of the change request's status, enabling analysis of outcomes, case filtering, and identification of stalled changes. Where to get ServiceNow table: change_request, Field: state Examples AssessAuthorizeScheduledImplementReviewClosedCanceled
	Change Type ChangeType	The classification of the change, such as 'Standard', 'Normal', or 'Emergency'.
Description Change Type categorizes the change request based on its nature, risk, and approval requirements. Standard changes are pre-approved, Normal changes follow the full process, and Emergency changes use an expedited path. This is a fundamental dimension for process analysis, as different change types have distinct, legitimate process models. Comparing the performance of Normal vs. Emergency changes can reveal important insights about process adherence and efficiency. It is also used in dashboards like 'Risk Assessment Standardization' to ensure similar changes are treated consistently. Why it matters Allows for segmentation of analysis, as different change types follow different authorized process flows and have unique performance expectations. Where to get ServiceNow table: change_request, Field: type Examples StandardNormalEmergency
	Configuration Item ConfigurationItem	The specific IT component, service, or system that is the subject of the change.
Description The Configuration Item (CI) is the asset from the Configuration Management Database (CMDB) that will be affected by the change. This could be a server, a software application, a network device, or a business service. This attribute provides critical context for the change. In process mining, it allows for analysis to be segmented by the type of asset being changed. For example, the 'Change Testing Duration Analysis' dashboard uses this attribute to compare testing times for different applications or systems, helping to identify which CIs are associated with longer testing cycles. Why it matters Provides essential business context, allowing analysis to be filtered by the affected application, service, or system to identify component-specific issues. Where to get ServiceNow table: change_request, Field: cmdb_ci Examples SAP ERPOracle Database 19cEmail ServiceWebServer-01
	End Time EndTime	The timestamp when an activity concluded. It is often derived from the start time of the subsequent activity.
Description The End Time marks the completion of an activity. While source systems often log the start of an event, the end time is frequently inferred. It is typically calculated as the timestamp of the next activity in the sequence for the same case. This attribute is essential for calculating the duration of each activity, known as processing time. Understanding how long each step takes is fundamental to identifying bottlenecks and inefficiencies in the process. For the final activity in a case, the End Time is the same as the Start Time. Why it matters Enables the calculation of activity processing time, which is crucial for identifying bottlenecks and measuring the duration of specific process steps. Where to get This attribute is typically calculated during data transformation by taking the StartTime of the next event for the same CaseId. Examples 2023-10-26T10:05:12Z2023-10-26T11:45:00Z2023-10-27T15:00:00Z
	Priority Priority	The priority level of the change request, determined by its impact and urgency.
Description Priority indicates the importance of a change request and determines the order in which it should be addressed. It is often derived from the impact and urgency of the change, with values like 'Critical', 'High', 'Moderate', and 'Low'. Analyzing by priority is essential for ensuring that high-priority changes are processed faster than low-priority ones. It supports the 'Critical Change Performance' dashboard by allowing analysts to track cycle times and failure rates specifically for the most important changes. Any deviation where low-priority changes are completed faster than high-priority ones indicates a problem in resource allocation or process execution. Why it matters Crucial for evaluating if resources are correctly allocated to the most critical changes and for monitoring their performance separately. Where to get ServiceNow table: change_request, Field: priority Examples 1 - Critical2 - High3 - Moderate4 - Low
	Risk Level RiskLevel	The assessed risk level of the change, such as 'High', 'Moderate', or 'Low'.
Description The Risk Level is the output of the risk assessment process for a change request. It quantifies the potential for adverse consequences if the change is implemented, helping to determine the required level of scrutiny and approval. This attribute is key for the 'Risk Assessment Standardization' dashboard, where it's used to check if similar changes receive consistent risk ratings. Analyzing process flows by risk level can also reveal if high-risk changes are correctly following a more rigorous approval and testing path compared to low-risk changes, which is a key compliance check. Why it matters Essential for compliance analysis and ensuring that high-risk changes receive the appropriate level of scrutiny and follow a more rigorous process. Where to get ServiceNow table: change_request, Field: risk Examples HighModerateLow
	Assigned To User AssignedToUser	The individual user responsible for the change request at a specific point in time.
Description This attribute identifies the specific person assigned to work on the change request. This can change multiple times throughout the lifecycle as the request moves between different stages and teams. Analyzing by user helps in understanding workload distribution, individual performance, and identifying training needs. It is also key for analyzing handoffs, particularly when combined with the Assignment Group, to see how efficiently work is passed between individuals. Why it matters Helps track individual user workload and performance, and is crucial for analyzing handoff delays between different resources. Where to get ServiceNow table: change_request, Field: assigned_to Examples Beth AnglinDavid LooAbel Tuter
	Close Code CloseCode	A code indicating the outcome when the change request was closed, such as 'Successful' or 'Unsuccessful'.
Description The Close Code provides a final disposition for a completed change request. It formally records whether the change was implemented successfully, with issues, or was rolled back. This attribute is a direct input for the 'Change Failure Rate' KPI. By analyzing the distribution of close codes, organizations can quantify the success of their change initiatives. Filtering the process map for changes with an 'Unsuccessful' close code is a powerful technique for root cause analysis, revealing common process patterns that lead to failure. Why it matters Directly measures the outcome of a change, providing the primary data needed to calculate the change failure rate and analyze the root causes of failed changes. Where to get ServiceNow table: change_request, Field: close_code Examples SuccessfulSuccessful with IssuesUnsuccessful / Rolled Back
	Cycle Time CycleTime	The total time elapsed from the creation to the closure of a change request.
Description Cycle Time is a case-level metric that measures the total duration of a change request's lifecycle. It is calculated as the difference between the timestamp of the very first event and the timestamp of the very last event for a given change request. This is a critical KPI for measuring overall process velocity. It is used in the 'End-to-End Change Process Flow' dashboard to provide a high-level view of process performance. Analyzing cycle time trends and comparing them across different dimensions like Change Type or Priority helps organizations identify opportunities for strategic process improvement. Why it matters Measures the end-to-end duration of the change process, providing a key indicator of overall process velocity and efficiency. Where to get Calculated at the case level during data analysis by subtracting the minimum StartTime from the maximum StartTime for each CaseId. Examples 60480012096002592000
	Impact Impact	The potential effect of the change on business operations, rated on a scale such as High, Medium, or Low.
Description Impact measures the potential effect on the business if the change request is not handled correctly. It is a key input, along with Urgency, for determining the overall Priority of the change. Analyzing by Impact helps to ensure that changes affecting critical services are managed with appropriate care. It is used in the 'Critical Change Performance' dashboard to isolate and monitor changes with a high business impact. It is also used to verify risk assessment consistency, ensuring that high-impact changes are not assigned a low risk level without justification. Why it matters Helps prioritize changes based on their potential business effect and is used to validate that high-impact changes are managed with proper diligence. Where to get ServiceNow table: change_request, Field: impact Examples 1 - High2 - Medium3 - Low
	Is Rework IsRework	A boolean flag that is true if an activity represents a repeat of a previous step in the same case.
Description This calculated attribute identifies activities that constitute rework. Rework occurs when the process has to loop back to a step that was already completed, such as a change being rejected after approval and sent back for reassessment. This flag is crucial for quantifying process inefficiency. It directly supports the 'Change Rework Rate' KPI and the 'Change Failure and Rework Analysis' dashboard. By filtering for activities where 'Is Rework' is true, analysts can isolate and study the causes of rework, such as incomplete initial assessments or changing requirements, and take action to reduce waste. Why it matters Directly quantifies process inefficiency by flagging repeated work, helping to identify and address the root causes of process loops and wasted effort. Where to get Calculated during data transformation by detecting if the same activity (or an earlier one in the standard flow) has already occurred for the given CaseId. Examples truefalse
	Last Data Update LastDataUpdate	The timestamp indicating when the data for this record was last refreshed from the source system.
Description This attribute provides the timestamp of the last data extraction. It is a metadata field that is critical for understanding the freshness of the data being analyzed. Analysts use this timestamp to confirm they are working with up-to-date information and to understand the data's recency. It is especially important for operational dashboards that monitor ongoing process performance, ensuring that decisions are not based on stale data. Why it matters Indicates data freshness, ensuring that analyses and dashboards are based on current and relevant information. Where to get This is a metadata field generated during the data extraction and transformation (ETL) process, indicating the time of the data pull. Examples 2023-11-01T02:00:00Z2023-11-02T02:00:00Z
	Processing Time ProcessingTime	The duration of a single activity, calculated as the difference between its End Time and Start Time.
Description Processing Time, also known as activity duration, measures the time spent actively working on a specific task. It is calculated by subtracting the activity's Start Time from its End Time. This calculated metric is fundamental for performance analysis. It allows for the identification of the most time-consuming steps in the process, which are often the primary targets for optimization efforts. Dashboards analyzing testing duration or risk assessment cycle time are directly based on this metric for the relevant activities. Why it matters Measures the duration of individual activities, making it possible to pinpoint the most time-consuming steps that are prime candidates for optimization. Where to get Calculated during data transformation: EndTime - StartTime. Examples 259200360086400
	SLA State SlaState	The status of the change request relative to its Service Level Agreement (SLA), such as 'On Track', 'At Risk', or 'Breached'.
Description SLA State indicates whether the change request is progressing within the timeframes defined by its SLA. This status can be tracked at each stage of the process. This attribute is essential for monitoring compliance with service level commitments. It is the primary data source for the 'Change SLA Performance Overview' dashboard and the 'Change SLA Adherence Rate' KPI. Analyzing where and why SLAs are breached allows the organization to address systemic delays and improve service delivery predictability. Why it matters Provides a direct measure of performance against deadlines, enabling proactive monitoring and analysis of SLA breaches to improve service delivery. Where to get This can be sourced from the 'task_sla' table in ServiceNow, which tracks SLAs related to tasks like change requests, or calculated based on due date fields. Examples On TrackAt RiskBreached
	Source System SourceSystem	The system from which the data was extracted, typically 'ServiceNow'.
Description This attribute identifies the origin of the process data. While in this case it is expected to be ServiceNow, it is a crucial field for data governance and for scenarios where data from multiple systems might be merged. In analysis, it ensures data lineage is clear and helps in validating the data's source. For organizations with multiple ITSM tools or integrated systems, this attribute allows for filtering and comparing processes across different platforms. Why it matters Provides clear data lineage, ensuring that the origin of the process data is documented, which is vital for data governance and multi-system analysis. Where to get This is typically a static value added during the data extraction and transformation (ETL) process. Examples ServiceNowServiceNow_PRODSNOW_ITSM
	Urgency Urgency	The speed at which a change needs to be resolved, rated on a scale such as High, Medium, or Low.
Description Urgency defines how quickly a change needs to be implemented. It reflects the time sensitivity of the request from a business perspective. Along with Impact, it is used to calculate the overall Priority. While Priority is the primary field for analysis, Urgency provides additional context. It can be used to investigate why certain changes are marked as urgent and whether the process accommodates them effectively without compromising stability. It helps answer questions about whether the organization is too often in a reactive, high-urgency mode. Why it matters Provides context on the time sensitivity of a change, helping to analyze whether the process effectively handles time-critical requests. Where to get ServiceNow table: change_request, Field: urgency Examples 1 - High2 - Medium3 - Low

Required Recommended Optional

Change Management Activities

These are the key process steps and milestones to capture in your event log for accurate change management process discovery.

7 Recommended 6 Optional

	Activity	Description
	Change Approved	The change request has received all necessary authorizations to proceed to the scheduling and implementation phases. This is a critical milestone, captured when the final approval is granted and the 'approval' field is set to 'approved'.
Why it matters This milestone concludes the approval phase. It is essential for measuring approval cycle times and identifying bottlenecks in the decision making process. Where to get Inferred from the 'approval' field of the change_request table changing to 'approved'. The timestamp is sourced from the audit history for this change. Capture Capture the timestamp when the 'approval' field becomes 'approved'. Event type inferred
	Change Canceled	The change request has been withdrawn or aborted at some point before implementation was completed. This is an alternative end state captured when the state is set to 'Canceled'.
Why it matters Analyzing canceled changes can reveal process inefficiencies, such as requests being created unnecessarily or being stuck in approval for too long, becoming obsolete. Where to get Inferred from the 'state' field in the change_request table being set to 'Canceled'. The timestamp is captured from the audit log for this state change. Capture Capture the timestamp when the 'state' field is updated to 'Canceled'. Event type inferred
	Change Closed	The change request has been successfully completed, reviewed, and is now considered finished. This is the primary success endpoint for the process and is captured when the change state moves to 'Closed'.
Why it matters This activity marks the successful completion of the change lifecycle. It is the end event for measuring end to end process duration and SLA adherence. Where to get Inferred from the 'state' field in the change_request table being set to 'Closed'. The timestamp is taken from the audit history for this final state change. Capture Capture the timestamp when the 'state' field is updated to 'Closed'. Event type inferred
	Change Implemented	The implementation work has been completed, and the change is ready for review, verification, or testing. This activity is inferred when the state of the change request moves from 'Implement' to 'Review'.
Why it matters This is a critical milestone that concludes the implementation phase. It is a key event for calculating the 'Change Failure Rate' and 'Change Rework Rate' KPIs. Where to get Inferred from a state transition out of 'Implement' to a subsequent state like 'Review'. The timestamp is captured from the audit history of the 'state' field in the change_request table. Capture Identify when the 'state' field changes from 'Implement' to 'Review'. Event type inferred
	Change Request Created	This activity marks the creation of a new change request record in the system. It is the official start of the change management process and is captured when a new entry is inserted into the change_request table.
Why it matters This is the primary start event for the process. Analyzing the time from this activity to others reveals the total lead time and helps identify delays at the very beginning of the process. Where to get This event corresponds to the record creation timestamp (sys_created_on) in the ServiceNow change_request table. Capture Use the sys_created_on timestamp from the change_request table. Event type explicit
	Change Scheduled	The approved change has been assigned a planned start and end date and is now officially on the implementation calendar. This is inferred when the change request state moves to 'Scheduled'.
Why it matters This activity separates the planning and approval stages from the active implementation phase. The time spent in this state can indicate delays between approval and the start of work. Where to get Inferred from a 'state' field change in the change_request table to 'Scheduled'. The timestamp is captured from the corresponding audit log entry. Capture Track state field changes to 'Scheduled' in the change_request table's audit history. Event type inferred
	Risk And Impact Assessed	Represents the completion of the risk and impact analysis for the change request. This is a crucial milestone before seeking approval and is often inferred when the change moves out of an 'Assess' state into an 'Authorize' or 'Awaiting Approval' state.
Why it matters Tracking the duration of the assessment phase is key to the 'Avg. Risk Assessment Cycle Time' KPI. It helps standardize the assessment process and identify where analyses are taking too long. Where to get Inferred from the 'state' field in the change_request table transitioning from 'Assess' to 'Authorize'. The event timestamp is captured from the audit log of this state change. Capture Identify when the 'state' field changes from 'Assess' to a subsequent state like 'Authorize'. Event type inferred
	Approval Requested	This activity signifies that the change request has been formally submitted for approval, typically to a manager or a Change Advisory Board (CAB). This event is captured when the approval status of the change request is set to 'requested'.
Why it matters This marks the beginning of the approval cycle. Measuring the time from this event to 'Change Approved' directly calculates the 'Average Change Approval Time' KPI. Where to get Inferred from the 'approval' field in the change_request table changing to 'requested'. The timestamp is recorded from the sys_audit table for this field. Capture Timestamp of when the 'approval' field in the change_request table is set to 'requested'. Event type inferred
	Change Awaiting Assessment	The change request has been submitted and is now waiting for technical and business assessment. This is typically inferred when the change request's state transitions to 'Assess' or a similar status, indicating it has left the draft phase.
Why it matters This activity helps measure the initial handoff time from requestor to the assessment team. Delays here can indicate issues with initial data quality or resource availability for assessment. Where to get Inferred from a change in the 'state' field in the change_request table, typically to a value like 'Assess'. The timestamp is taken from the audit history (sys_audit) for this field change. Capture Track state field changes to 'Assess' in the change_request table's audit history. Event type inferred
	Change Rejected	The change request has been denied by an approver or the CAB. This activity represents a terminal state for the request unless it is reworked and resubmitted. It is captured when the 'approval' field is set to 'rejected'.
Why it matters Tracking rejections helps identify common reasons for denial, such as incomplete information or high risk. This analysis can improve the quality of future change submissions. Where to get Inferred from the 'approval' field in the change_request table changing to 'rejected'. The timestamp is captured from the audit history. Capture Capture the timestamp when the 'approval' field becomes 'rejected'. Event type inferred
	Change Reopened	The change request has been moved back to a previous state, such as 'Implement' or 'Assess', after reaching a later stage. This event is inferred from a non-linear state transition and signifies rework.
Why it matters This activity is crucial for identifying rework loops and calculating the 'Change Rework Rate'. Frequent reopening events indicate issues with implementation quality, testing, or planning. Where to get Inferred by analyzing the sequence of state changes in the change_request audit history. A transition from a later state (e.g., 'Review') to an earlier state (e.g., 'Implement') indicates a reopen event. Capture Detect a non-sequential, backward transition in the 'state' field's history. Event type inferred
	Implementation Started	Work has actively begun on implementing the change. This is captured when the change request's state is updated to 'Implement', signifying the transition from planning to execution.
Why it matters This marks the start of the hands on implementation work. It is the starting point for measuring the 'Average Implementation Duration' KPI and analyzing team efficiency. Where to get Inferred from the 'state' field in the change_request table changing to 'Implement'. The timestamp is taken from the audit log for this state transition. Capture Capture the timestamp of the state change to 'Implement' from the change_request audit history. Event type inferred
	Review In Progress	A post-implementation review (PIR) is being conducted to determine if the change was successful and met its objectives. This is captured when the change request state is set to 'Review'.
Why it matters Analyzing the duration of the review phase helps identify delays in validating change success. It also highlights non-compliant changes where this step is skipped. Where to get Inferred from the 'state' field in the change_request table changing to 'Review'. The timestamp is sourced from the audit log for this state change. Capture Capture the timestamp of the state change to 'Review' from the change_request audit history. Event type inferred

Recommended Optional

Extraction Guides

How to get your data from ServiceNow

Steps

Log into your ServiceNow instance with a user account that has at least the itil role or equivalent read permissions for the Change Management module.
Export Core Change Request Data: Navigate to Change > All to display the list of all change requests. Use the filter funnel icon to apply a filter for the desired date range, for example, Created on last 3 months.
Configure Columns for Export: Right-click any column header, then select Configure > List Layout. Add the following columns to the 'Selected' list: Number, sys_created_on, sys_updated_on, state, assignment_group, type, priority, risk, and cmdb_ci. Click Save.
Export the Change Request Data: Once the list view is filtered and configured, right-click any column header again, navigate to Export, and select CSV. The system will prepare the file for download. This file contains the data needed for state-based activities.
Export Approval Data: In the navigation filter, type sysapproval_approver.list and press Enter. This opens the list view for all approvals.
Filter and Export Approvals: Use the filter funnel to show only change-related approvals. Set the filter to Source table is change_request AND Created on last 3 months. Configure the list layout to include columns like Approver, State, Created, Updated, and Document ID (this contains the Change Request number). Export this list to a separate CSV file.
Combine and Transform Data: This manual process requires a spreadsheet tool or a simple script. Open both CSV files. The goal is to create a single event log file with one row per activity.
Map Change Request State Changes: In the change request data file, create rows for each state transition. For example:
- Change Request Created: Use the sys_created_on timestamp.
- Change Awaiting Assessment: Use sys_updated_on when the state field first becomes 'Assess'.
- Implementation Started: Use sys_updated_on when the state field first becomes 'Implement'.
- All other state-based activities (Change Scheduled, Change Implemented, Review In Progress, Change Closed, Change Canceled) are inferred from the sys_updated_on timestamp when the state field changes to the corresponding value.
Map Approval Events: In the approvals data file, join the data back to the main change request file using the Change Request number (Document ID).
- Approval Requested: Use the Created timestamp from the approval record where the approval State is 'requested'.
- Change Approved: Use the Updated timestamp from the final approval record that moves the change to an 'approved' state.
- Change Rejected: Use the Updated timestamp from the approval record where the approval State becomes 'rejected'.
Assemble the Final Event Log: Consolidate all generated rows from the previous steps into a single table. Ensure the columns are named correctly: ChangeRequestNumber, ActivityName, EventTime, and any other recommended attributes.
Save and Upload: Save the final combined and formatted data as a single CSV file, which is now ready to be uploaded to a process mining tool.

Configuration

Primary Tables: The core data is extracted from two main tables: change_request for overall change details and state transitions, and sysapproval_approver for approval-related events.
Date Range Filter: It is crucial to apply a consistent date range filter to all exports, typically based on the creation date (sys_created_on). A range of 3-6 months is recommended for an initial analysis.
State Model: The extraction logic depends heavily on your organization's specific ServiceNow state model for change requests. The standard states are 'Assess', 'Authorize', 'Scheduled', 'Implement', 'Review', 'Closed', and 'Canceled'. Verify these match your configuration.
Required Permissions: Users performing the export need at least the itil role or a custom role with read access to both the change_request and sysapproval_approver tables.
Export Format: Always export to CSV for easier manipulation and merging. Exporting to XLS may have row limitations and can alter date formats.

a Sample Query config

This method uses the ServiceNow UI for filtering and exporting, not a direct script. The configuration below outlines the filters and columns for each required export.

**Export 1: Change Request Data**
*   **Navigate to Table**: `change_request.list`
*   **Filter Conditions**:
    *   `Created` `on` `Last 3 months` (or your desired date range)
    *   AND `Type` `is one of` `Normal, Standard, Emergency` (as needed)
*   **Columns to Select/Export**:
    *   `number` (maps to ChangeRequestNumber)
    *   `sys_created_on` (used for 'Change Request Created' EventTime)
    *   `sys_updated_on` (used as EventTime for most state changes)
    *   `state` (maps to ChangeState)
    *   `assignment_group` (maps to AssignmentGroup)
    *   `type` (maps to ChangeType)
    *   `priority` (maps to Priority)
    *   `risk` (maps to RiskLevel)
    *   `cmdb_ci` (maps to ConfigurationItem)

**Export 2: Approval Data**
*   **Navigate to Table**: `sysapproval_approver.list`
*   **Filter Conditions**:
    *   `Source table` `is` `change_request`
    *   AND `Created` `on` `Last 3 months` (or your desired date range)
*   **Columns to Select/Export**:
    *   `document_id` (used to link to the Change Request Number)
    *   `state` (approval state: requested, approved, rejected)
    *   `sys_created_on` (used for 'Approval Requested' EventTime)
    *   `sys_updated_on` (used for 'Change Approved'/'Change Rejected' EventTime)

**Post-Export Transformation Logic (to be performed in a spreadsheet or script)**:

For each unique Change Request Number, create the following rows based on the data from the exported files. Timestamps should be from `sys_updated_on` unless specified otherwise.

1.  `ActivityName`: 'Change Request Created', `EventTime`: `sys_created_on` from change_request export.
2.  `ActivityName`: 'Change Awaiting Assessment', `EventTime`: Timestamp when `state` becomes 'Assess'.
3.  `ActivityName`: 'Risk And Impact Assessed', `EventTime`: Timestamp when `state` changes from 'Assess' to 'Authorize'.
4.  `ActivityName`: 'Approval Requested', `EventTime`: `sys_created_on` from sysapproval_approver export where approval `state` is 'requested'.
5.  `ActivityName`: 'Change Approved', `EventTime`: `sys_updated_on` from sysapproval_approver export when final approval `state` becomes 'approved'.
6.  `ActivityName`: 'Change Rejected', `EventTime`: `sys_updated_on` from sysapproval_approver export when approval `state` becomes 'rejected'.
7.  `ActivityName`: 'Change Scheduled', `EventTime`: Timestamp when `state` becomes 'Scheduled'.
8.  `ActivityName`: 'Implementation Started', `EventTime`: Timestamp when `state` becomes 'Implement'.
9.  `ActivityName`: 'Change Implemented', `EventTime`: Timestamp when `state` changes from 'Implement' to 'Review'.
10. `ActivityName`: 'Review In Progress', `EventTime`: Timestamp when `state` becomes 'Review'.
11. `ActivityName`: 'Change Reopened', `EventTime`: Inferred from a non-linear state change (e.g., 'Review' back to 'Implement'). This is difficult to capture with this method and often requires manual inspection or analysis of audit data.
12. `ActivityName`: 'Change Closed', `EventTime`: Timestamp when `state` becomes 'Closed'.
13. `ActivityName`: 'Change Canceled', `EventTime`: Timestamp when `state` becomes 'Canceled'.

Steps

Prerequisites and Authentication: Ensure you have a ServiceNow user account with the itil and rest_service roles. This role provides the necessary permissions to read change request data and use the REST API. Generate credentials for this user, either through Basic Authentication (username and password) or by configuring an OAuth 2.0 client for more secure, programmatic access.
Identify ServiceNow Instance: Determine your ServiceNow instance URL, which typically follows the format https://[your-instance].service-now.com.
Set Up Extraction Environment: Prepare a scripting environment, such as Node.js or Python, where you can execute scripts to make REST API calls. The provided query example uses JavaScript for a Node.js environment.
Initial Data Fetch (Change Requests): Begin by querying the change_request table. Use a sysparm_query URL parameter to filter for change requests created within your desired analysis period (e.g., sys_created_onBETWEENjavascript:gs.dateGenerate('YYYY-MM-DD','start')@javascript:gs.dateGenerate('YYYY-MM-DD','end')). This initial call fetches the base data for each case, including the sys_id, number, and the 'Change Request Created' event timestamp (sys_created_on).
Fetch Audit History: For each sys_id retrieved in the previous step, make a subsequent API call to the sys_audit table. Filter the audit records where tablename is 'change_request' and documentkey matches the sys_id of the change request. This retrieves the complete history of field changes for each case.
Process Audit Data for Activities: Loop through the sys_audit records for each change request. Your script must identify specific changes that correspond to process activities. For example, a record where fieldname is 'state' and the newvalue is 'Scheduled' represents the 'Change Scheduled' activity. The sys_created_on timestamp of the audit record becomes the EventTime.
Identify 'Reopened' Activities: To capture 'Reopened' events, define the standard sequence of states (e.g., Assess -> Authorize -> Scheduled -> Implement -> Review -> Closed). Compare the sequence order of the oldvalue and newvalue for each state change. If the new state comes before the old state in the defined sequence, create a 'Change Reopened' activity.
Combine and Map Data: Consolidate the data from the change_request table (for the creation event) and the processed sys_audit data into a single, unified list. Map the ServiceNow field names to the required event log column names, such as number to ChangeRequestNumber, sys_created_on to EventTime, and the derived event name to ActivityName.
Structure the Event Log: Format the combined data into a structured event log. Each row must represent a single activity and contain, at minimum, ChangeRequestNumber, ActivityName, and EventTime.
Export to CSV: Save the final event log as a CSV file. Ensure the file is properly formatted with a header row and uses UTF-8 encoding to be compatible with ProcessMind for upload and analysis.

Configuration

API Endpoints: The primary tables queried are change_request and sys_audit. The API endpoints are:
- https://[your-instance].service-now.com/api/now/table/change_request
- https://[your-instance].service-now.com/api/now/table/sys_audit
Authentication: The script uses Basic Authentication for simplicity. For production environments, it is highly recommended to use OAuth 2.0 for enhanced security. The script must be updated to handle the token retrieval and refresh lifecycle if using OAuth.
Date Range Filtering: It is critical to apply a date range filter in the initial query to the change_request table to limit the data volume. A typical range for process mining analysis is 3 to 12 months. Example filter: sysparm_query=sys_created_on>=2023-01-01 00:00:00.
Field Selection (sysparm_fields): To improve API performance and reduce network traffic, use the sysparm_fields parameter to specify only the columns you need. For change_request, this would include sys_id, number, sys_created_on, assignment_group, type, priority, risk, and cmdb_ci.
Pagination Handling: For large datasets, ServiceNow returns records in pages. The script must handle pagination by using the sysparm_limit and sysparm_offset parameters, looping through pages until all records for the query are retrieved.
Audit Table Prerequisites: This method relies entirely on the sys_audit table. Verify that auditing is enabled for the change_request table and specifically for the state, approval, and active fields, as their history is required to generate the event log.

a Sample Query javascript

const axios = require('axios');
const fs = require('fs');

// --- Configuration ---
const SN_INSTANCE = '[your-instance].service-now.com';
const SN_USER = '[your_username]';
const SN_PASSWORD = '[your_password]';
const START_DATE = '2023-01-01 00:00:00'; // Start date for changes to extract
const END_DATE = '2023-12-31 23:59:59';   // End date for changes to extract
const OUTPUT_FILE = 'servicenow_change_management_log.csv';

const auth = { username: SN_USER, password: SN_PASSWORD };

// Maps ServiceNow integer state values to human-readable names. Configure based on your system.
const STATE_MAP = {
    '-5': 'Draft',
    '-4': 'Assess',
    '-3': 'Authorize',
    '-2': 'Scheduled',
    '-1': 'Implement',
    '0': 'Review',
    '3': 'Closed',
    '4': 'Canceled',
    // Add any custom state values here
};

// Defines the standard process flow for detecting 'Reopened' events
const STATE_SEQUENCE = { 'Assess': 1, 'Authorize': 2, 'Scheduled': 3, 'Implement': 4, 'Review': 5, 'Closed': 6 };

// Function to fetch data with pagination
async function fetchAllRecords(table, query, fields) {
    let offset = 0;
    const limit = 1000;
    let allRecords = [];
    let hasMore = true;

    while (hasMore) {
        console.log(`Fetching ${table} records, offset: ${offset}`);
        const url = `https://${SN_INSTANCE}/api/now/table/${table}`;
        try {
            const response = await axios.get(url, {
                auth,
                params: {
                    sysparm_query: `${query}^sysparm_offset=${offset}^sysparm_limit=${limit}`,
                    sysparm_display_value: 'false', // Get raw values for mapping
                    sysparm_exclude_reference_link: true,
                    sysparm_fields: fields
                }
            });
            const records = response.data.result;
            if (records.length > 0) {
                allRecords = allRecords.concat(records);
                offset += limit;
            } else {
                hasMore = false;
            }
        } catch (error) {
            console.error(`Error fetching from ${table}:`, error.response ? error.response.data : error.message);
            hasMore = false;
        }
    }
    return allRecords;
}

// Main extraction function
async function extractChangeLog() {
    const eventLog = [];

    // 1. Get all change requests in the date range
    const changeQuery = `sys_created_on>=${START_DATE}^sys_created_on<=${END_DATE}`;
    const changeFields = 'sys_id,number,sys_created_on,assignment_group,type,priority,risk,cmdb_ci,state';
    const changes = await fetchAllRecords('change_request', changeQuery, changeFields);

    for (const change of changes) {
        // Activity: Change Request Created
        eventLog.push({
            ChangeRequestNumber: change.number,
            ActivityName: 'Change Request Created',
            EventTime: change.sys_created_on,
            ChangeState: STATE_MAP[change.state] || 'Unknown',
            AssignmentGroup: change.assignment_group,
            ChangeType: change.type,
            Priority: change.priority,
            RiskLevel: change.risk,
            ConfigurationItem: change.cmdb_ci
        });

        // 2. Get audit history for this change
        const auditQuery = `documentkey=${change.sys_id}^tablename=change_request^fieldnameINstate,approval`;
        const auditFields = 'sys_created_on,fieldname,oldvalue,newvalue';
        const auditRecords = await fetchAllRecords('sys_audit', auditQuery, auditFields);

        for (const audit of auditRecords) {
            let activityName = null;

            if (audit.fieldname === 'state') {
                const oldStateName = STATE_MAP[audit.oldvalue] || audit.oldvalue;
                const newStateName = STATE_MAP[audit.newvalue] || audit.newvalue;

                switch (newStateName) {
                    case 'Assess': activityName = 'Change Awaiting Assessment'; break;
                    case 'Authorize': activityName = 'Risk And Impact Assessed'; break;
                    case 'Scheduled': activityName = 'Change Scheduled'; break;
                    case 'Implement': activityName = 'Implementation Started'; break;
                    case 'Review':
                        // Per requirements, create two distinct events for the same timestamp
                        eventLog.push({ ...change, ActivityName: 'Change Implemented', EventTime: audit.sys_created_on, ChangeState: newStateName });
                        eventLog.push({ ...change, ActivityName: 'Review In Progress', EventTime: audit.sys_created_on, ChangeState: newStateName });
                        continue; // Skip the generic push at the end
                    case 'Closed': activityName = 'Change Closed'; break;
                    case 'Canceled': activityName = 'Change Canceled'; break;
                }
                // Check for 'Reopened' event
                if (STATE_SEQUENCE[oldStateName] && STATE_SEQUENCE[newStateName] && STATE_SEQUENCE[newStateName] < STATE_SEQUENCE[oldStateName]) {
                    eventLog.push({ ...change, ActivityName: 'Change Reopened', EventTime: audit.sys_created_on, ChangeState: newStateName });
                }

            } else if (audit.fieldname === 'approval') {
                if (audit.newvalue === 'requested') activityName = 'Approval Requested';
                if (audit.newvalue === 'approved') activityName = 'Change Approved';
                if (audit.newvalue === 'rejected') activityName = 'Change Rejected';
            }

            if (activityName) {
                eventLog.push({
                    ChangeRequestNumber: change.number,
                    ActivityName: activityName,
                    EventTime: audit.sys_created_on,
                    ChangeState: STATE_MAP[change.state] || 'Unknown', // Use the final state of the change for context
                    AssignmentGroup: change.assignment_group,
                    ChangeType: change.type,
                    Priority: change.priority,
                    RiskLevel: change.risk,
                    ConfigurationItem: change.cmdb_ci
                });
            }
        }
    }

    // 3. Convert to CSV and save
    if (eventLog.length > 0) {
        const header = Object.keys(eventLog[0]).join(',');
        const rows = eventLog.map(row => Object.values(row).map(val => `"${val || ''}"`).join(','));
        fs.writeFileSync(OUTPUT_FILE, `${header}\n${rows.join('\n')}`);
        console.log(`Extraction complete. Saved ${eventLog.length} events to ${OUTPUT_FILE}`);
    } else {
        console.log('No events found for the specified criteria.');
    }
}

extractChangeLog();

Steps

Prerequisites: Ensure you have Python 3.6 or newer installed on your system. Install the necessary Python libraries by running pip install requests pandas in your command line or terminal.
ServiceNow API User Setup: In ServiceNow, create a dedicated service account user for this extraction. Grant this user the itil role at a minimum, which provides read access to the change_request table. For accessing historical data, the user will also need read access to the sys_audit and sysapproval_approver tables. Assign the rest_api_explorer role for easier testing if needed.
Configure the Python Script: Download the provided Python script. Open the file and update the placeholder variables at the top: SERVICENOW_INSTANCE, SERVICENOW_USER, and SERVICENOW_PASSWORD with your specific instance URL and the credentials for the user created in the previous step.
Set Extraction Parameters: Modify the sysparm_query variable in the script to define the date range and scope of the extraction. It is pre-configured to pull change requests updated in the last 180 days. You can adjust the date range or add other filters, such as active=true or specific company codes, to narrow the results.
Execute the Script: Run the script from your terminal using the command python your_script_name.py. The script will connect to the ServiceNow REST API, authenticate, and begin fetching data for change requests, their state changes, and approval history.
Handle Pagination: The script is designed to automatically handle pagination by making multiple API calls if the number of records exceeds the per-page limit set by ServiceNow. It will print progress updates to the console.
Data Transformation: The script processes the raw API responses in memory. It identifies key events like creation, state transitions, and approvals. It then maps these system events to the user-friendly ActivityName values required for the event log, such as 'Change Awaiting Assessment' or 'Change Approved'.
Consolidate Event Log: All individual events are compiled into a single, structured pandas DataFrame. This DataFrame includes all required and recommended attributes for each event, creating a complete timeline for every change request.
Review the Output: Once the script finishes, it will create a CSV file named servicenow_change_management_log.csv in the same directory. Open this file to review the extracted data and ensure it appears correct.
Prepare for Upload: The generated CSV file is formatted according to the ProcessMind event log specification. No further formatting is required. The file is ready for upload.

Configuration

Authentication: The script uses Basic Authentication with a username and password. For enhanced security, consider modifying the script to use OAuth 2.0, which ServiceNow also supports.
ServiceNow Endpoints: The script primarily interacts with three REST API endpoints: /api/now/table/change_request for core change data, /api/now/table/sys_audit for historical field changes (especially the 'state' field), and /api/now/table/sysapproval_approver for approval and rejection events.
Date Range Filtering: The date range is controlled via the sysparm_query parameter in the API request for the change_request table. It's recommended to extract data for a period of 3 to 6 months to balance detail with performance. A query like sys_updated_on>=javascript:gs.daysAgo(180) is a good starting point.
Record Limiting: The script fetches records in batches using the sysparm_limit parameter to avoid overwhelming the API. The get_all_records function handles the looping and offsetting automatically.
Prerequisites: A ServiceNow user account with at least the itil role is required. Read access to sys_audit and sysapproval_approver tables is also necessary. If your ServiceNow instance uses custom roles, ensure the user has read permissions for all fields being extracted from these tables.
Performance Considerations: Querying the sys_audit table can be resource-intensive on your ServiceNow instance. It is advisable to run large extractions during off-peak business hours and apply strict date filters to minimize the performance impact.

a Sample Query python

import requests
import pandas as pd
import getpass
from datetime import datetime

class=class="hl-string">"hl-comment"># --- Configuration ---
class=class="hl-string">"hl-comment"># Enter your ServiceNow instance URL, for example, https://your-instance.service-now.com
SERVICENOW_INSTANCE = class="hl-string">"[Your ServiceNow Instance URL]"
SERVICENOW_USER = class="hl-string">"[Your ServiceNow API Username]"
class=class="hl-string">"hl-comment"># It is recommended to use a secure method for password management, such as environment variables or a secrets manager.
SERVICENOW_PASSWORD = getpass.getpass(class="hl-string">"Enter ServiceNow Password: ")

class=class="hl-string">"hl-comment"># --- State and Approval Mapping ---
class=class="hl-string">"hl-comment"># Maps ServiceNow integer state values to human-readable activity names
STATE_MAP = {
    class="hl-string">'-4': class="hl-string">'Change Awaiting Assessment',
    class="hl-string">'-3': class="hl-string">'Risk And Impact Assessed', class=class="hl-string">"hl-comment"># Mapped from leaving Assess state
    class="hl-string">'-2': class="hl-string">'Change Scheduled',
    class="hl-string">'-1': class="hl-string">'Implementation Started',
    class="hl-string">'0': class="hl-string">'Review In Progress',
    class="hl-string">'3': class="hl-string">'Change Closed',
    class="hl-string">'4': class="hl-string">'Change Canceled'
}

class=class="hl-string">"hl-comment"># Function to handle pagination and fetch all records from an endpoint
def get_all_records(endpoint, query_params):
    records = []
    offset = 0
    limit = 1000
    while True:
        query_params[class="hl-string">'sysparm_offset'] = str(offset)
        query_params[class="hl-string">'sysparm_limit'] = str(limit)
        response = requests.get(endpoint, auth=(SERVICENOW_USER, SERVICENOW_PASSWORD), params=query_params)
        response.raise_for_status()
        data = response.json().get(class="hl-string">'result', [])
        if not data:
            break
        records.extend(data)
        offset += limit
        print(fclass="hl-string">"Fetched {len(records)} records from {endpoint.split('/')[-1]}...")
    return records

def main():
    print(class="hl-string">"Starting ServiceNow Change Management data extraction...")
    event_log = []

    class=class="hl-string">"hl-comment"># 1. Fetch Change Request base data
    print(class="hl-string">"\nStep 1: Fetching core Change Request data...")
    cr_endpoint = fclass="hl-string">"{SERVICENOW_INSTANCE}/api/now/table/change_request"
    cr_params = {
        class="hl-string">'sysparm_display_value': class="hl-string">'true',
        class="hl-string">'sysparm_fields': class="hl-string">'number,sys_id,sys_created_on,sys_updated_on,state,assignment_group,type,priority,risk,cmdb_ci',
        class="hl-string">'sysparm_query': class="hl-string">'sys_updated_on>=javascript:gs.daysAgo(180)' class=class="hl-string">"hl-comment"># Adjust date range as needed
    }
    change_requests = get_all_records(cr_endpoint, cr_params)
    
    if not change_requests:
        print(class="hl-string">"No change requests found for the specified period. Exiting.")
        return

    cr_sys_ids = [cr[class="hl-string">'sys_id'] for cr in change_requests]
    cr_map = {cr[class="hl-string">'sys_id']: cr for cr in change_requests}
    cr_id_query_part = class="hl-string">'^documentkeyIN' + class="hl-string">','.join(cr_sys_ids)

    class=class="hl-string">"hl-comment"># 2. Fetch all relevant Audit (sys_audit) records for state changes
    print(class="hl-string">"\nStep 2: Fetching audit history for state changes...")
    audit_endpoint = fclass="hl-string">"{SERVICENOW_INSTANCE}/api/now/table/sys_audit"
    audit_params = {
        class="hl-string">'sysparm_display_value': class="hl-string">'false', class=class="hl-string">"hl-comment"># We need the integer state values
        class="hl-string">'sysparm_fields': class="hl-string">'documentkey,sys_created_on,oldvalue,newvalue',
        class="hl-string">'sysparm_query': fclass="hl-string">'tablename=change_request^fieldname=state^{cr_id_query_part}'
    }
    audit_records = get_all_records(audit_endpoint, audit_params)

    class=class="hl-string">"hl-comment"># 3. Fetch all relevant Approval (sysapproval_approver) records
    print(class="hl-string">"\nStep 3: Fetching approval history...")
    approval_endpoint = fclass="hl-string">"{SERVICENOW_INSTANCE}/api/now/table/sysapproval_approver"
    approval_params = {
        class="hl-string">'sysparm_display_value': class="hl-string">'true',
        class="hl-string">'sysparm_fields': class="hl-string">'sysapproval,sys_created_on,sys_updated_on,state',
        class="hl-string">'sysparm_query': fclass="hl-string">'sysapprovalIN' + class="hl-string">','.join(cr_sys_ids)
    }
    approval_records = get_all_records(approval_endpoint, approval_params)

    print(class="hl-string">"\nStep 4: Transforming data into event log format...")
    class=class="hl-string">"hl-comment"># Process each change request to build the event log
    for cr_id, cr_data in cr_map.items():
        base_attributes = {
            class="hl-string">'ChangeRequestNumber': cr_data.get(class="hl-string">'number'),
            class="hl-string">'ChangeState': cr_data.get(class="hl-string">'state'),
            class="hl-string">'AssignmentGroup': cr_data.get(class="hl-string">'assignment_group'),
            class="hl-string">'ChangeType': cr_data.get(class="hl-string">'type'),
            class="hl-string">'Priority': cr_data.get(class="hl-string">'priority'),
            class="hl-string">'RiskLevel': cr_data.get(class="hl-string">'risk'),
            class="hl-string">'ConfigurationItem': cr_data.get(class="hl-string">'cmdb_ci')
        }

        class=class="hl-string">"hl-comment"># Event: Change Request Created
        event_log.append({
            **base_attributes,
            class="hl-string">'ActivityName': class="hl-string">'Change Request Created',
            class="hl-string">'EventTime': cr_data.get(class="hl-string">'sys_created_on'),
            class="hl-string">'EndTime': None
        })
        
        class=class="hl-string">"hl-comment"># Events from Audit History (State Changes)
        cr_audit_records = sorted([r for r in audit_records if r[class="hl-string">'documentkey'] == cr_id], key=lambda x: x[class="hl-string">'sys_created_on'])
        
        last_state = None
        for audit in cr_audit_records:
            new_state = audit[class="hl-string">'newvalue']
            old_state = audit[class="hl-string">'oldvalue']
            event_time = audit[class="hl-string">'sys_created_on']

            class=class="hl-string">"hl-comment"># Activity: Risk and Impact Assessed (when moving out of Assess state)
            if old_state == class="hl-string">'-4': class=class="hl-string">"hl-comment"># Assess
                 event_log.append({
                    **base_attributes,
                    class="hl-string">'ActivityName': class="hl-string">'Risk And Impact Assessed',
                    class="hl-string">'EventTime': event_time,
                    class="hl-string">'EndTime': None
                })

            class=class="hl-string">"hl-comment"># Map new state to activity
            if new_state in STATE_MAP:
                event_log.append({
                    **base_attributes,
                    class="hl-string">'ActivityName': STATE_MAP[new_state],
                    class="hl-string">'EventTime': event_time,
                    class="hl-string">'EndTime': None
                })
            
            class=class="hl-string">"hl-comment"># Activity: Change Reopened (non-linear transition, e.g., Review (0) -> Implement (-1))
            if old_state and new_state and int(old_state) > int(new_state):
                class=class="hl-string">"hl-comment"># Basic check for moving to a numerically lower state, indicating rework
                if not (old_state == class="hl-string">'3' and new_state == class="hl-string">'0'): class=class="hl-string">"hl-comment"># Exclude closed to review which might be valid
                    event_log.append({
                        **base_attributes,
                        class="hl-string">'ActivityName': class="hl-string">'Change Reopened',
                        class="hl-string">'EventTime': event_time,
                        class="hl-string">'EndTime': None
                    })
            last_state = new_state

        class=class="hl-string">"hl-comment"># Events from Approval History
        cr_approval_records = sorted([r for r in approval_records if r[class="hl-string">'sysapproval'][class="hl-string">'value'] == cr_id], key=lambda x: x[class="hl-string">'sys_created_on'])
        for approval in cr_approval_records:
            class=class="hl-string">"hl-comment"># Activity: Approval Requested
            event_log.append({
                **base_attributes,
                class="hl-string">'ActivityName': class="hl-string">'Approval Requested',
                class="hl-string">'EventTime': approval[class="hl-string">'sys_created_on'],
                class="hl-string">'EndTime': None
            })

            class=class="hl-string">"hl-comment"># Activity: Change Approved or Rejected
            if approval[class="hl-string">'state'] == class="hl-string">'Approved':
                event_log.append({
                    **base_attributes,
                    class="hl-string">'ActivityName': class="hl-string">'Change Approved',
                    class="hl-string">'EventTime': approval[class="hl-string">'sys_updated_on'],
                    class="hl-string">'EndTime': None
                })
            elif approval[class="hl-string">'state'] == class="hl-string">'Rejected':
                event_log.append({
                    **base_attributes,
                    class="hl-string">'ActivityName': class="hl-string">'Change Rejected',
                    class="hl-string">'EventTime': approval[class="hl-string">'sys_updated_on'],
                    class="hl-string">'EndTime': None
                })

    print(fclass="hl-string">"Transformation complete. Total events created: {len(event_log)}")

    class=class="hl-string">"hl-comment"># 5. Create and Save DataFrame
    if not event_log:
        print(class="hl-string">"No events were generated. The output file will be empty.")
        return

    print(class="hl-string">"\nStep 5: Saving event log to CSV file...")
    df = pd.DataFrame(event_log)
    df[class="hl-string">'EventTime'] = pd.to_datetime(df[class="hl-string">'EventTime'])
    df = df.sort_values(by=[class="hl-string">'ChangeRequestNumber', class="hl-string">'EventTime'])

    class=class="hl-string">"hl-comment"># Calculate EndTime as the start of the next event for the same case
    df[class="hl-string">'EndTime'] = df.groupby(class="hl-string">'ChangeRequestNumber')[class="hl-string">'EventTime'].shift(-1)
    
    class=class="hl-string">"hl-comment"># Reorder columns for clarity
    column_order = [
        class="hl-string">'ChangeRequestNumber', class="hl-string">'ActivityName', class="hl-string">'EventTime', class="hl-string">'EndTime', class="hl-string">'ChangeState',
        class="hl-string">'AssignmentGroup', class="hl-string">'ChangeType', class="hl-string">'Priority', class="hl-string">'RiskLevel', class="hl-string">'ConfigurationItem'
    ]
    df = df[column_order]

    output_filename = class="hl-string">'servicenow_change_management_log.csv'
    df.to_csv(output_filename, index=False, date_format=class="hl-string">'%Y-%m-%d %H:%M:%S')
    print(fclass="hl-string">"Successfully saved event log to {output_filename}")

if __name__ == class="hl-string">'__main__':
    main()

Your Change Management Data Template

Your Change Management Data Template

Change Management Attributes

Change Management Activities

Extraction Guides

ServiceNow List View Export to CSV/XLS

Steps

Configuration

a Sample Query config

ServiceNow Table API Extraction using REST Queries

Steps

Configuration

a Sample Query javascript

Python Script Extraction via ServiceNow REST API

Steps

Configuration

a Sample Query python

Ready to Get Started?

Stop Failed Changes, Boost ServiceNow Success Now!

Your Change Management Data Template

Your Change Management Data Template

Change Management Attributes

Change Management Activities

Extraction Guides

ServiceNow List View Export to CSV/XLS

Steps

Configuration

a Sample Query config

ServiceNow Table API Extraction using REST Queries

Steps

Configuration

a Sample Query javascript

Python Script Extraction via ServiceNow REST API

Steps

Configuration

a Sample Query python

We value your privacy

Ready to Get Started?

Stop Failed Changes, Boost ServiceNow Success Now!