One of the things we are trying to get more insight into is the event log so we can create alerts, dashboards, etc. in order to be proactive.
From what I can tell, even though we set up the Splunk sfdc:logfile input to be on an interval of 300 seconds, I never end up getting data in Splunk until after 24 hours. This means I can't search for anything that happened unless it was 24 hours ago.
If the log files are generated hourly or once in 24 hours, then there is no use in running the Splunk input every 300 seconds or 30 seconds. The input will run, but it will fetch 0 results, as no results are provided by the API.
I think you need to focus more on the API rather than looking into the Splunk TA.
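An added check in the spirit of this answer (not code from the thread or from the Splunk add-on): parse an EventLogFile query result and report, per event type, the interval the files are produced at and how long after the covered period each file actually appeared. The field names LogDate, CreatedDate, EventType and Interval are assumed from the Salesforce EventLogFile object; the records themselves are constructed.

```python
import json
from datetime import datetime

# Constructed sample of an EventLogFile query result (field names assumed from the
# Salesforce EventLogFile object; the Ids and dates are made up for this example).
SAMPLE_RESPONSE = json.dumps({"records": [
    {"Id": "0AT_EXAMPLE_1", "EventType": "Login", "Interval": "Daily",
     "LogDate": "2024-05-01T00:00:00.000+0000", "CreatedDate": "2024-05-02T03:10:00.000+0000"},
    {"Id": "0AT_EXAMPLE_2", "EventType": "Login", "Interval": "Daily",
     "LogDate": "2024-04-30T00:00:00.000+0000", "CreatedDate": "2024-05-01T03:05:00.000+0000"},
    {"Id": "0AT_EXAMPLE_3", "EventType": "API", "Interval": "Hourly",
     "LogDate": "2024-05-02T10:00:00.000+0000", "CreatedDate": "2024-05-02T11:05:00.000+0000"},
]})

SF_TS = "%Y-%m-%dT%H:%M:%S.%f%z"  # Salesforce REST timestamp format


def parse_sf_ts(value):
    return datetime.strptime(value, SF_TS)


def log_cadence_report(response_text):
    """Per event type: the interval Salesforce produces it at, the newest LogDate,
    and how long after the start of the covered period that file became available."""
    report = {}
    for rec in json.loads(response_text)["records"]:
        log_date = parse_sf_ts(rec["LogDate"])
        created = parse_sf_ts(rec["CreatedDate"])
        entry = report.get(rec["EventType"])
        if entry is None or log_date > entry["newest_logdate"]:
            report[rec["EventType"]] = {
                "interval": rec["Interval"],
                "newest_logdate": log_date,
                # lag between the start of the covered period and the file appearing
                "publish_lag_hours": round((created - log_date).total_seconds() / 3600, 2),
            }
    return report


def recommended_poll_seconds(report):
    """Polling more often than the API publishes files only yields empty fetches."""
    return 3600 if any(e["interval"] == "Hourly" for e in report.values()) else 86400


if __name__ == "__main__":
    rep = log_cadence_report(SAMPLE_RESPONSE)
    for etype, e in rep.items():
        print(f"{etype}: {e['interval']}, newest {e['newest_logdate']:%Y-%m-%d %H:%M}, "
              f"published {e['publish_lag_hours']}h after period start")
    print("sensible poll interval (s):", recommended_poll_seconds(rep))
```

Run against a real query result, the publish lag column shows whether the delay the question describes comes from the API's publication schedule rather than from the Splunk input interval.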