Depending on the profile defined, Splunk ES notable events are forwarded manually as discrete notable events into the Security Operations environment of your ServiceNow AI Platform instance.

To set up a profile for manual forwarding of notable events:

Task	Section
Create an event profile	See Create a profile
Map notable event fields	See Explore Mapping
Create custom mappings	See Create mappings for Splunk ES notable event incident review and contributing event details (manual forwarding)
Preview the security incident	See Preview security incident
Set up your Splunk environment for manual ingestion	Create a profile
Automate notable event updates and closure based on SIR incident status	See Automate notable event updates and closures