Send ServiceNow application log data to Splunk

brdr
Mega Contributor

Hello, we have several instances of ServiceNow at our company. We have been asked by CIS to ingest ServiceNow application log data into Splunk for ServiceNow instances hosted centrally (SaaS). Does ServiceNow provide an API that sends their application/system logs to our Splunk instance running on AWS? Can we configure ServiceNow to send log events to an endpoint?

Thank you.

5 REPLIES

MGanon
Tera Guru

The integration is handled within Splunk. These are the notes that I took from the Security Fundamentals course:

  • Advanced Log File Analysis
  • Splunk Incident Enrichment integration
    • Searches logs
    • Adds relevant sighting information to Security Incidents
  • Built-in Search Processing Analysis
  • Add-On for Splunk from Splunkbase
  • No ServiceNow plugin to activate; configured within Splunk
  • Seamlessly create Security Incidents or events from Splunk events, alerts, and logs
  • Integration includes
    • Splunk Add-On
    • Manual Search Commands – create events and alerts from within Splunk
    • Custom event actions

Configure the connection in ServiceNow by navigating from Security Operations > Integration Configuration.

The Splunk - Event Ingestion is described here as:
"Splunk Enterprise integration is supported via a Splunk provided REST API that can consume logging alerts and notable events to create security incidents. Enable the configuration to allow the Security Incident Response application to pull log event data from Splunk"

The "Splunk Search Integration for Security Operations" integration has a ServiceNow Store app: https://store.servicenow.com/sn_appstore_store.do#!/store/application/9c6741f10b12220069d7ea7885673a52/7.0.2

Hope this helps. If not, you will probably have better response in the Security Operations forum: https://community.servicenow.com/community?id=community_forum&sys_id=be299a2ddbd897c068c1fb651f9619bb

Brian Lancaster
Tera Sage

Did you find an answer to this? I'm looking for the same thing. A way to get ServiceNow logs into Splunk.

Anyone figure this out?

Kind of an old post, but check this out on syslog probes
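The replies above cover the other direction (Splunk pulling events into Security Incident Response). For the direction the question asks about, one approach that needs nothing activated on the instance beyond a read-only integration account is to pull the `syslog` table through the ServiceNow Table API and forward the rows to Splunk's HTTP Event Collector. The following is an added example written for this thread, not code from ServiceNow, Splunk or any poster; the instance URL, account, HEC URL and token are placeholders, and the `/api/now/table/syslog` and `/services/collector/event` endpoints are the documented Table API and HEC paths. It keeps a checkpoint on `sys_created_on` and dedupes by `sys_id` so that rows written in the checkpoint second are neither lost nor sent twice, which is the part that matters when the logs are being collected for a security team.

```python
# Added example (not ServiceNow/Splunk code): pull rows from the ServiceNow `syslog`
# table through the Table API and forward them to Splunk HEC. All hosts, the
# account and the token below are placeholders.
import base64
import json
import urllib.parse
import urllib.request
from datetime import datetime, timezone

SN_INSTANCE = "https://example.service-now.com"                        # placeholder
SN_USER, SN_PASS = "splunk_reader", "change-me"                        # placeholder read-only account
HEC_URL = "https://splunk.example.com:8088/services/collector/event"   # placeholder
HEC_TOKEN = "00000000-0000-0000-0000-000000000000"                     # placeholder
PAGE_SIZE = 500

def build_table_query(since, limit=PAGE_SIZE, offset=0):
    """One page of syslog rows created at or after `since` (UTC 'YYYY-MM-DD HH:MM:SS').
    '>=' rather than '>' so rows written in the checkpoint second are not lost; the
    resulting overlap is removed by select_new(). ORDERBY keeps offset paging stable."""
    params = {
        "sysparm_query": f"sys_created_on>={since}^ORDERBYsys_created_on^ORDERBYsys_id",
        "sysparm_fields": "sys_id,sys_created_on,level,source,message",
        "sysparm_limit": str(limit),
        "sysparm_offset": str(offset),
    }
    return f"{SN_INSTANCE}/api/now/table/syslog?{urllib.parse.urlencode(params)}"

def query_params(url):
    """Single-valued view of a URL's query string."""
    return {k: v[0] for k, v in urllib.parse.parse_qs(urllib.parse.urlparse(url).query).items()}

def fetch_page(url):
    """GET one Table API page with basic auth and return the list under 'result'."""
    token = base64.b64encode(f"{SN_USER}:{SN_PASS}".encode()).decode()
    req = urllib.request.Request(url, headers={"Accept": "application/json", "Authorization": f"Basic {token}"})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)["result"]

def make_offline_fetch(rows):
    """Stand-in for fetch_page: serves `rows` by sysparm_offset/sysparm_limit, no instance needed."""
    def fetch(url):
        p = query_params(url)
        return rows[int(p["sysparm_offset"]):int(p["sysparm_offset"]) + int(p["sysparm_limit"])]
    return fetch

def to_hec_event(rec, sourcetype="servicenow:syslog"):
    """Map one syslog row to a HEC event; `time` is the row's own UTC sys_created_on,
    so Splunk indexes the real event time rather than the forwarding time."""
    ts = datetime.strptime(rec["sys_created_on"], "%Y-%m-%d %H:%M:%S").replace(tzinfo=timezone.utc)
    return {"time": ts.timestamp(),
            "host": urllib.parse.urlparse(SN_INSTANCE).hostname,
            "source": rec.get("source", ""),
            "sourcetype": sourcetype,
            "event": {k: rec.get(k, "") for k in ("sys_id", "level", "source", "message")}}

def hec_batch(records):
    """HEC takes many event objects concatenated in one POST body."""
    return "\n".join(json.dumps(to_hec_event(r)) for r in records)

def post_to_hec(body):
    req = urllib.request.Request(HEC_URL, data=body.encode(), method="POST",
                                 headers={"Authorization": f"Splunk {HEC_TOKEN}", "Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)

def select_new(records, seen_ids):
    """Drop rows already forwarded in the checkpoint second (the '>=' overlap)."""
    return [r for r in records if r["sys_id"] not in seen_ids]

def advance(state, records):
    """Checkpoint = newest sys_created_on seen plus the sys_ids already sent at that second."""
    if not records:
        return state
    newest = max(r["sys_created_on"] for r in records)
    at_newest = {r["sys_id"] for r in records if r["sys_created_on"] == newest}
    seen = (state["seen"] | at_newest) if newest == state["since"] else at_newest
    return {"since": newest, "seen": seen}

def run_once(state, fetch=fetch_page, post=post_to_hec, page_size=PAGE_SIZE):
    """One cycle: page through rows since the checkpoint, forward the new ones and
    return (new_state, rows_forwarded). Persist the state between runs."""
    offset, forwarded = 0, 0
    while True:
        rows = fetch(build_table_query(state["since"], page_size, offset))
        fresh = select_new(rows, state["seen"])
        if fresh:
            post(hec_batch(fresh))
            forwarded += len(fresh)
        state = advance(state, rows)
        if len(rows) < page_size:
            return state, forwarded
        offset += len(rows)

# Constructed sample rows, not real instance data; a1 and a2 share a second.
SAMPLE_ROWS = [
    {"sys_id": "a1", "sys_created_on": "2023-05-01 12:00:00", "level": "1", "source": "ECMAScript", "message": "script warning"},
    {"sys_id": "a2", "sys_created_on": "2023-05-01 12:00:00", "level": "2", "source": "Login", "message": "failed login: admin"},
    {"sys_id": "a3", "sys_created_on": "2023-05-01 12:00:07", "level": "0", "source": "Import Set", "message": "load complete"},
]

if __name__ == "__main__":
    start = {"since": "2023-05-01 12:00:00", "seen": {"a1"}}  # a1 went out in the previous run
    state, n = run_once(start, fetch=make_offline_fetch(SAMPLE_ROWS), post=print, page_size=2)
    print(f"forwarded {n} rows; checkpoint {state}")
```

Run it from a scheduler (cron, a Lambda, a Splunk modular input) with `fetch_page` and `post_to_hec` in place of the offline stand-ins, and store the returned state between runs. Points to check in practice: give the integration account its own role with read access only to `syslog` (the table contains script errors and login failures, nothing it should be able to write), keep HEC on TLS with a token dedicated to this source so it can be revoked independently, and schedule the pull more often than the instance purges old `syslog` rows, otherwise there will be gaps that no checkpoint can recover.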