Debugging & Mutation Inspection
When you've executed a tool against a ServiceNow instance and need to verify what actually happened — or diagnose why something didn't — these tools answer "what really changed and why". Use them after the fact, never as a substitute for picking the right tool in the first place.
Available debugging tools
| Tool | Purpose |
|---|---|
snow_inspect_mutations | Inspect record changes (INSERT/UPDATE/DELETE) since a timestamp via sys_audit |
snow_get_logs | Query syslog (errors, warnings, info) with a time filter |
snow_get_script_output | Output of previously executed scripts |
snow_trace_execution | Server-side script execution tracing |
snow_get_flow_execution_logs | Flow Designer execution history |
snow_get_inbound_http_logs | Inbound REST API call logs |
snow_get_outbound_http_logs | Outbound REST API call logs |
snow_audit_trail_analysis | Audit trail analysis with anomaly detection |
snow_manage_flow (with verify=true) | Verify a Flow Designer mutation immediately after running it |
Self-debugging workflows
Table API / REST changes (captured by sys_audit)
- •Note the current timestamp before the action — or use a relative window like
"30s" - •Execute the tool you want to verify
- •Call
snow_inspect_mutationswithsince=<timestamp>orsince="30s" - •Review which records were INSERT/UPDATE/DELETE, which fields changed, old → new values
- •Compare expected vs. actual and adjust the calling code
Flow Designer (NOT captured by sys_audit)
Flow Designer uses GraphQL mutations against sys_hub_* tables, which sys_audit does not record. Use the Flow Designer tool's own verification path instead:
- •Pass
verify=trueto anysnow_manage_flowmutation action — you get automatic post-mutation verification - •After publishing, call
snow_manage_flow action=check_execution flow_id=<id>to inspect execution contexts, runs, and outputs - •
check_executionreturns state, status, timing, errors, and output values fromsys_flow_context,sys_hub_flow_run, andsys_hub_flow_output
Picking the right tool
| Symptom | Tool to reach for |
|---|---|
| Script error | snow_get_logs with level="error" |
| Did the flow mutation work? | snow_manage_flow with verify=true |
| What's the flow execution status? | snow_manage_flow action=check_execution |
| What did the Table API actually change? | snow_inspect_mutations with a time window |
| Operation FAILED — what happened? | snow_inspect_mutations with include_syslog=true and include_transactions=true |
| Flow never started? | snow_get_flow_execution_logs |
| Outbound REST call failed? | snow_get_outbound_http_logs |
| Who did what when? | snow_audit_trail_analysis |
Important caveats
- •GraphQL mutations (Flow Designer) are NOT captured by
sys_audit— never expect to see them viasnow_inspect_mutations. Useverify=trueandcheck_executioninstead. - •
sys_auditonly captures successful Table API / REST record changes. Failed operations leave no audit trail. - •For failed operations, check syslog (errors) and
sys_transaction_log(HTTP 4xx/5xx responses). - •
sys_auditfield values are limited to 255 characters —snow_inspect_mutationswarns when values appear truncated. - •Use
snapshot_recordto fetch the current state of a record alongside the audit trail when you need the full picture. - •Use the
tablesfilter to focus on specific tables and reduce noise when there's a lot of activity on the instance.
Don't use these tools as a crutch
Debugging tools verify, they don't replace getting it right the first time. If you find yourself reaching for snow_inspect_mutations after every call, the underlying issue is usually:
- •Picking
snow_execute_scriptwith raw GlideRecord instead of a dedicated tool - •Using placeholders (
"pending","TBD") where real sys_ids are required - •Skipping the Update Set, so changes were tracked into the wrong place
Fix the upstream pattern, then use these tools sparingly for the genuinely unclear cases.