Need to think about the below for the automation with Splunk:
- The frequency of the logs you want to send. Do you want to send them in real-time, or do you want to send them in batches?
- The format of the logs you want to send. Do you want to send them in JSON, XML, or another format?
- The Splunk server you want to send the logs to. Do you want to send them to a specific Splunk server, or do you want to send them to a load balancer that will distribute them to multiple Splunk servers?
Once you have considered these factors, you can choose the best approach for your needs. Here are some of the options available to you:
- You can use the AEP Audit Logging API to send the logs directly to Splunk.
- You can use a third-party tool like Logmatic or Splunk Enterprise Manager to send the logs to Splunk.
- You can use a cloud-based service like Splunk Cloud to send the logs to Splunk.
The best approach for you will depend on your specific needs and requirements. So, not able to give a straightforward answer as it all depends :).
Hope it helps.
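
Added example, not part of the original answer: a sketch of how the frequency, format and destination choices above show up in code when records are forwarded as JSON. It assumes Splunk's HTTP Event Collector (HEC) as the ingestion endpoint, which the answer does not name; the record fields, `sourcetype`/`source` names, limits, host and token are constructed placeholders.

```python
import json
from datetime import datetime, timezone

# Constructed sample records; field names are illustrative, not the real AEP schema.
SAMPLE = [
    {"timestamp": "2024-01-01T00:00:00Z", "action": "Update", "user": "a@example.com"},
    {"timestamp": "2024-01-01T00:00:05Z", "action": "Delete", "user": "b@example.com"},
    {"timestamp": "2024-01-01T00:00:09Z", "action": "Create", "user": "a@example.com"},
]

def to_hec(record, sourcetype="aep:audit", source="aep_audit_api"):
    """Wrap one audit record (a dict) in a Splunk HEC event envelope."""
    ts = datetime.fromisoformat(record["timestamp"].replace("Z", "+00:00"))
    if ts.tzinfo is None:  # treat naive timestamps as UTC rather than local time
        ts = ts.replace(tzinfo=timezone.utc)
    return {"time": ts.timestamp(), "sourcetype": sourcetype,
            "source": source, "event": record}

def batches(records, max_events=100, max_bytes=512 * 1024):
    """Yield HEC request bodies: newline-joined JSON envelopes, bounded in
    event count and byte size. max_events=1 gives per-event (near real-time)
    delivery; larger values give batch delivery."""
    lines, size = [], 0
    for rec in records:
        line = json.dumps(to_hec(rec), separators=(",", ":"), sort_keys=True)
        n = len(line.encode("utf-8")) + 1
        # Flush before adding if this record would exceed either limit.
        if lines and (len(lines) >= max_events or size + n > max_bytes):
            yield "\n".join(lines)
            lines, size = [], 0
        lines.append(line)
        size += n
    if lines:
        yield "\n".join(lines)

def hec_request(body, base_url, token):
    """Return (url, headers, data) for one HTTPS POST; base_url may be a
    single Splunk server or a load balancer in front of several."""
    url = base_url.rstrip("/") + "/services/collector/event"
    headers = {"Authorization": "Splunk " + token,
               "Content-Type": "application/json"}
    return url, headers, body.encode("utf-8")
```

Keep the HEC token out of source control and send only over TLS; the token alone authorizes writes to the index.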