Currently I have a Logpush GCS bucket connected to the GCP Splunk app, and it works. However, this method is clunky, with moving parts, and is a delayed process. I’m looking to see if anyone has gotten Logpull working for Splunk. I suspect that one would need a Splunk heavy forwarder running a script requesting logs via API.
On another avenue, I saw Cloudflare mentions leveraging Splunk’s HEC (HTTP Event Collector) but only points to Splunk docs… any luck via an API Logpull job directly into the HEC?
Overall, I’m looking to reduce latency and complications in log ingestion, so I can leverage CF’s log streaming and in turn build proactive actions.