I finally have the Splunk driver running successfully. At least I think so as it is not producing any errors.
Only... I go to my Splunk server and I see that it is not collecting any events. Since I am not getting any errors, I can't tell what I am missing. Please help!
Not sure this applies to you anymore, but I also noticed while setting this stuff up myself recently that in Splunk when you configure the HEC token, you need to go back into that configuration area and there's a "global" token setting that is set to disabled. You have to enable it.