I am looking to integrate Avanan, a phishing solution, and send its security logs, which are in JSON format, to an on-prem indexer. The phishing solution is in the cloud; what is the best way to connect the two?
I moved on to another job before integrating, though now Avanan has put out more documentation and gone through a few software updates. The documents are now public. The relevant information to integrate can be found here; Avanan published a two-part guide. Then the integration in Splunk would be with the Splunk AWS app or similar if using Splunk Cloud.
https://www.avanan.com/manuals/splunk-integration-part-one
https://www.avanan.com/manuals/splunk-integration-part-two
https://splunkbase.splunk.com/app/1274/
Avanan claims to have an integration into Splunk, at least according to the screenshot on https://www.avanan.com/siem - check with their apparently non-public docs for hopefully more information.
Once you know what they recommend and aren't sure about it, feel free to post a question to verify if their approach is a good practice.
@clintonburnett Did you ever find a solution to this? I was thinking of needing a UF in my DMZ to get the Avanan data or maybe an email box to receive scheduled "custom query" from Avanan. How did you accomplish this?
It's possible that Avanan is capable of sending to HEC - if so, you should be able to enter at least a host, port, and HEC token on their end. The screenshot I linked to doesn't display the "send to remote server" form for their Splunk integration and their docs aren't public, so no idea if true or not.
Avanan only has a place to put the Splunk host and port, not a place for a token. After researching, I believe they claim integration as follows: if you have Splunk Cloud you can use HEC, but it must be a cloud instance and use the query string method to authenticate to Splunk Cloud.
Sounds to me like an issue for your network team - "how to send data into my corporate network?" is nothing I can help you with, too many company-specific details and policies in place presumably.
Understood; I was looking for the Splunk piece, which I believe is the HTTP Event Collector.
Their integration is having logs in JSON format and an app that has two fields, hostname and port. Which I think is probably good enough, but I am missing how to get that over the internet to Splunk.
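The HEC piece discussed above, as an added example that is not part of this thread and not Avanan's or Splunk's own code: a small relay that wraps raw JSON log lines in the HEC event envelope (host, source, sourcetype, index, time) and authenticates with the token in the Authorization header, which keeps the token out of proxy and web-server access logs. The Avanan field names, sourcetype, index and sample events are constructed assumptions, not taken from Avanan's documentation.

```python
import json
import urllib.request
from datetime import datetime

# Constructed sample of Avanan-style JSON security events (field names are assumptions).
SAMPLE_EVENTS = [
    '{"eventId": "ev-1001", "eventType": "phishing", "severity": "high", '
    '"eventTime": "2023-05-01T12:00:00Z", "recipient": "user@example.com"}',
    '{"eventId": "ev-1002", "eventType": "malware", "severity": "critical", '
    '"eventTime": "2023-05-01T12:05:30Z", "recipient": "ops@example.com"}',
    "not json at all",  # a corrupt line, to show the relay does not drop it silently
]


def parse_event_time(value):
    """Convert an ISO-8601 timestamp to epoch seconds for HEC's 'time' field."""
    return datetime.fromisoformat(value.replace("Z", "+00:00")).timestamp()


def build_hec_batch(raw_lines, host="avanan-cloud", source="avanan",
                    sourcetype="avanan:json", index="email_security"):
    """Wrap each JSON line in the HEC envelope; return (ndjson_body, rejected_lines).

    HEC accepts several envelopes concatenated in one POST body, so one request
    can carry a whole batch. Unparseable lines are returned, not discarded.
    """
    envelopes, rejected = [], []
    for line in raw_lines:
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            rejected.append(line)
            continue
        envelope = {"event": event, "host": host, "source": source,
                    "sourcetype": sourcetype, "index": index}
        if "eventTime" in event:  # preserve the vendor's timestamp instead of arrival time
            envelope["time"] = parse_event_time(event["eventTime"])
        envelopes.append(envelope)
    return "\n".join(json.dumps(e) for e in envelopes), rejected


def hec_headers(token):
    """HEC token goes in the Authorization header, so it never appears in a URL."""
    return {"Authorization": f"Splunk {token}", "Content-Type": "application/json"}


def send_to_hec(hec_url, token, body):
    """POST a batch to e.g. https://<host>:8088/services/collector/event over TLS."""
    req = urllib.request.Request(hec_url, data=body.encode("utf-8"),
                                 headers=hec_headers(token), method="POST")
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.loads(resp.read())  # HEC answers {"text": "Success", "code": 0}
```

Run `build_hec_batch(SAMPLE_EVENTS)` to see the batch body and the rejected line; `send_to_hec` needs a reachable HEC endpoint and a valid token.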