I will be configuring ServiceNow in a Splunk distributed cloud environment. I have gone through the documentation and still have a few questions:
Thank you so much @aivarson_splunk
Yes, I want to send data back to ServiceNow, and it can happen through the ServiceNow add-on (in the SH), correct?
Can you please suggest a port for ServiceNow data to collect in the heavy forwarder?
Is this your own Splunk running in the cloud or SplunkCloud (our SaaS product)? If it is your Splunk in the cloud (Bring your own license) then you can do it from the SH. If it is our SplunkCloud the current solution is to configure an on-premise Search Head and put it in Hybrid Search Mode to perform your alert actions.
Correction to #2 above. You don't need to specify a port on Splunk to use. It's a REST API input. That is a pull from your ServiceNow system so it's whatever port (likely 443) that your ServiceNow site uses. Just follow the instructions from our add-on and you should be good. http://docs.splunk.com/Documentation/AddOns/released/ServiceNow/About