Maybe I'm late, but in case someone else needs the information:
You need to make sure that you have the right CB API URL (e.g. api-prod05.conferdeploy.net). This documentation can also help you get the right URL: https://community.carbonblack.com/docs/DOC-6057
Contact your sales rep from CB to get it if you are still unsure.
Also, you need to get an API key. When creating a SIEM connector in your CB settings, you will get a connector ID and the API key. In the Splunk API setting you need to put: [API KEY]/CONNECTOR ID
Now, you need to create a notification alert in CB and make sure to select the newly created connector in the "search for connector" field.
Once it's done, be sure to create a new input in the Splunk CB Defense app settings so it will auto-poll CB and get you some data.
Feel free to ask if you need more specific details or have more questions related to this configuration.
You won't see any data until the next "notification" is triggered. You can't fetch old events. Generate a notification on a device that has CB Defense by calling the EICAR virus test file and you should receive an alert soon enough.
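A pre-flight check for the two settings described in the answer above, as an added example that is not part of the original post or of the Splunk app. The endpoint path, the header name and the alphanumeric-only rule are assumptions to confirm against the API documentation for your tenant, and the credentials shown are constructed placeholders.

```python
import re
from urllib.parse import urlsplit

# Assumptions (not from the post): notification endpoint path and auth header name.
NOTIFICATION_PATH = "/integrationServices/v3/notification"
AUTH_HEADER = "X-Auth-Token"


def normalize_api_host(value):
    """Reduce 'https://host/path' or 'host' to a bare, lower-cased hostname."""
    value = value.strip()
    parts = urlsplit(value if "://" in value else "//" + value)
    host = parts.hostname or ""
    # Require a dotted name so typos such as an empty value or 'localhost' are caught.
    if not re.fullmatch(r"[a-z0-9-]+(\.[a-z0-9-]+)+", host):
        raise ValueError(f"not a usable API hostname: {value!r}")
    return host


def build_token(api_key, connector_id):
    """Join the values in the order the post gives: API key, slash, connector ID."""
    cleaned = []
    for name, part in (("API key", api_key), ("connector ID", connector_id)):
        part = part.strip()
        # Assumption: both values are plain alphanumerics. This rejects pasted
        # placeholders like '[API KEY]', embedded slashes and stray whitespace.
        if not re.fullmatch(r"[A-Za-z0-9]+", part):
            raise ValueError(f"{name} is empty or contains unexpected characters")
        cleaned.append(part)
    return "/".join(cleaned)


def build_poll_request(api_url, api_key, connector_id):
    """Return (url, headers) for the poll request; nothing is sent."""
    host = normalize_api_host(api_url)
    return f"https://{host}{NOTIFICATION_PATH}", {AUTH_HEADER: build_token(api_key, connector_id)}


if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    url, headers = build_poll_request(
        "https://api-prod05.conferdeploy.net/", "EXAMPLEKEY0123456789ABCD", "EXAMPLEID1")
    print(url)
    print({k: "<redacted>" for k in headers})  # keep the token out of terminal history
```

The returned URL and headers can be passed to any HTTP client to confirm that the connector credentials are accepted before configuring the Splunk input.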