We have an on-premise, distributed deployment in a clustered Splunk environment (index and search head clustering). Is there a recommendation on how the Oracle cloud logs should be ingested into Splunk? Upon doing some reseach, I noticed that both Splunk HTTP Collector and REST API Modular Inputs were recommended, so I'm interested in knowing what the community's thoughts are.
Check out this post: Oracle Identity Cloud Service: Integrating with Splunk
It's focused on user login data, but does describe how to develop a custom application and ingest its events also.
If you're using the Oracle CASB Cloud Service for security monitoring, it's events may also be exported to Splunk.
Cloud > Cloud Platform > CASB Cloud Service > Exporting Risk Events to Splunk