Having a look at the ServiceNow Security Operations Event Ingestion Addon for Splunk ES (https://splunkbase.splunk.com/app/4770/) and its a little bit light on doco and what is required to configure.
Is this app capable of being standalone on Splunk? or does it need configuration on the ServiceNow side as well?
specifically when I try and poll the API endpoint mentioned in the setup and scripts (/api/sn_sec_splunkes/notable_event_ingestion), it returns:
"message": "Requested URI does not represent any resource"