I have a distributed Splunk Enterprise system on-prem. I also have a ServiceNow system hosted in the cloud. The documentation on the Splunk App for ServiceNow says it requires a heavy forwarder. Is there any way to get ServiceNow cloud into on-prem Splunk?
Hi jgruener,
Yes, absolutely. We support integration with both the cloud and on-prem versions of ServiceNow (versions Geneva, Fuji, and Eureka) from both on-prem and cloud Splunk platforms.
There is one known temporary limitation right now that does not apply to you, but might affect others so I'll include it here: ServiceNow does not allow its on-prem customers access to the ServiceNow app store, which is required for integration with Geneva and Fuji versions. In that case, please file a support ticket and we can help get you the integration app that you need.
You should be good to go in your situation. Be sure to install the Splunk Add-on for ServiceNow as well as the app and put it on both a heavy forwarder and your search heads. You'll collect your data on your heavy forwarder and perform your push integration from your search heads.
Hope this helps!
For reference, here are the docs for the Splunk Add-on for ServiceNow, which you also need: http://docs.splunk.com/Documentation/AddOns/latest/ServiceNow/About