Axway API Gateway Add-on

userit922
New Member

Hello,

I would like to use the following Splunk addon for Axway API Gateway to facilitate the reading of API Gateway's logs on Splunk side:
https://splunkbase.splunk.com/app/4723/#/details

Did anyone use this addon so far? It's not clear to me what configuration should be done on Gateway's side. Does it need a token for authentication?

0 Karma

D2SI
Communicator

Hello Ana,

Open logging should be enabled on the gateway, with care (maybe not on prod right away, to evaluate the impact).

Then, when logging is enabled, logs are being written to local files as documented here: link text

Then you have to put this data into Splunk, and there are several ways to do so.

The simplest: you have a Splunk Universal Forwarder on the gateway, and it just monitors the file with a simple configuration like:

[monitor:///<INSTALL_DIR>/apigateway/logs/group-*_instance-*_traffic.log]
sourcetype = axway:apigateway:traffic:json
index = <index>
  • the configuration needed to route data to your Splunk (outputs.conf).

Our AWS scenario, not the simplest one, but we had to do it that way: you have a CloudWatch agent on the gateway that forwards the open logging data to a CloudWatch Log Group, which is pushed to the Splunk HTTP Event Collector via Kinesis Firehose.

In that case, yes, you need to configure a token on the Splunk side with the HEC input:

[http://<input name>]
index = <index>
indexes = <index>
sourcetype = axway:apigateway:traffic:json
token = <token>
useACK = 1

And the token should also be configured on the Kinesis Firehose stream.

There is some documentation on how to create a Kinesis Firehose stream (i.e. link text), except you do not have to use a Lambda function.

I hope it will help!

0 Karma
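
Added example (not part of the answer above, and not code from the add-on): a Python smoke test for the HEC input with `useACK = 1`, to run before wiring the same token into Firehose. It sends one event with the `Authorization: Splunk <token>` header and a request channel, then asks the ack endpoint whether the event was indexed. The environment variable names and the sample event are assumptions made for this example.

```python
import json, os, urllib.request, uuid

SOURCETYPE = "axway:apigateway:traffic:json"  # sourcetype from the HEC stanza


def _post(base_url, path, token, channel, payload):
    """Build (not send) an authenticated HEC POST request."""
    req = urllib.request.Request(
        base_url.rstrip("/") + path,
        data=json.dumps(payload).encode(),
        method="POST",
    )
    req.add_header("Authorization", "Splunk " + token)
    # With useACK = 1, HEC rejects requests that carry no channel id.
    req.add_header("X-Splunk-Request-Channel", channel)
    req.add_header("Content-Type", "application/json")
    return req


def event_request(base_url, token, index, event, channel):
    payload = {"event": event, "sourcetype": SOURCETYPE, "index": index}
    return _post(base_url, "/services/collector/event", token, channel, payload)


def ack_request(base_url, token, channel, ack_ids):
    return _post(base_url, "/services/collector/ack", token, channel,
                 {"acks": list(ack_ids)})


def all_acked(ack_body, ack_ids):
    """True only if every ackId is reported as indexed."""
    acks = json.loads(ack_body).get("acks", {})
    return all(acks.get(str(i)) is True for i in ack_ids)


if __name__ == "__main__":
    # HEC_URL / HEC_TOKEN / HEC_INDEX are assumed variable names; keep the
    # token out of the script and shell history.
    url, tok, idx = (os.environ[k] for k in ("HEC_URL", "HEC_TOKEN", "HEC_INDEX"))
    chan = str(uuid.uuid4())
    sample = {"constructed": True, "msg": "HEC smoke test"}  # not a real Axway record
    with urllib.request.urlopen(event_request(url, tok, idx, sample, chan)) as r:
        ack_id = json.load(r)["ackId"]
    with urllib.request.urlopen(ack_request(url, tok, chan, [ack_id])) as r:
        print("indexed:", all_acked(r.read(), [ack_id]))
```

A `False` result immediately after sending can simply mean the event is not indexed yet, so query the ack endpoint again after a few seconds before treating it as a failure.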