I'm trying to create incidents from Splunk Cloud alerts. What I read from the docs is that we need to install an add-on in ServiceNow as well. I did that and tried to configure it. The configuration page asks for the Splunk API base URL. What should be provided for that? I tried giving my cloud address, which is something like "XX-qa.splunkcloud.com", but it is not working.
You will have to contact Splunk Cloud and ask them to open the API.
If you do not hold the entitlement in your organization, you will have to check internally who can submit such a request.
More details, it may help someone:
Port 8089 has to be opened for the IP address of the ServiceNow instance which has to be integrated with Splunk.
Base API URL is :8089. If you use Splunk Cloud, it will be your idm URL:8089
XX.splunkcloud.com:8089 or idm-XX.splunkcloud.com:8089
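A quick way to check a candidate base URL against the details in the post above, as an added example that is not from the thread, Splunk or ServiceNow: it normalizes the value to the host:8089 form and reports whether port 8089 answers from the machine it runs on. The `https://` scheme, the function names and the result labels are assumptions.

```python
import socket
import ssl
import sys
from urllib.parse import urlsplit

MGMT_PORT = 8089  # port named in the post above


def normalize_base_url(value: str) -> str:
    """Turn 'host', 'host:8089' or a full URL into 'https://host:8089'."""
    value = value.strip()
    parts = urlsplit(value if "://" in value else "//" + value)
    if not parts.hostname:
        raise ValueError(f"no host in {value!r}")
    if parts.scheme not in ("", "https"):
        raise ValueError("use https for the management port")
    if parts.port not in (None, MGMT_PORT):
        raise ValueError(f"port {parts.port} is not {MGMT_PORT}")
    # Assumption: the scheme is written out; hostnames are case-insensitive.
    return f"https://{parts.hostname}:{MGMT_PORT}"


def probe(base_url: str, timeout: float = 5.0) -> str:
    """Classify reachability of the port from the machine running this."""
    host = urlsplit(base_url).hostname
    try:
        sock = socket.create_connection((host, MGMT_PORT), timeout=timeout)
    except socket.gaierror:
        return "dns-failure"  # host name does not resolve
    except ConnectionRefusedError:
        return "refused"  # host reachable, nothing listening on the port
    except OSError:
        return "filtered"  # timeout or unreachable: port not opened for this IP
    with sock:
        try:
            ctx = ssl.create_default_context()
            with ctx.wrap_socket(sock, server_hostname=host):
                return "open"
        except ssl.SSLCertVerificationError:
            return "open-untrusted-cert"  # port answers; cert not trusted here
        except OSError:
            return "open-tls-failed"  # port answers; handshake did not complete


if __name__ == "__main__":
    # Placeholder host from the thread; pass the real one as the first argument.
    arg = sys.argv[1] if len(sys.argv) > 1 else "XX.splunkcloud.com"
    url = normalize_base_url(arg)
    print(url, probe(url))
```

The result reflects the source IP of the machine running the script, so "filtered" from a host whose address has not been opened for port 8089 is expected.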
I have the entitlement. Which API should I ask them to open?