Hello
I have a restricted rsyslog client. There I can only specify a hostname or IP and port as the target to send the syslog to. Where can I find the hostname or IP for my Splunk Cloud to receive the corresponding syslog?
Thank you
You can only send HEC (or s2s embedded in HTML) to your Cloud HEC inputs. So in order to ingest syslog you need to have something in place on-premise to receive the syslogs and push them as something that Cloud will accept. That can be a UF as @gcusello suggested, or an SC4S, or a properly configured rsyslog/syslog-ng instance with HTTP output.
Hi @Sponi,
you cannot directly receive syslogs on Splunk Cloud.
Usually the best approach is to have one (better two) Forwarders (Heavy or Universal) on premise as a syslog server, which has the job of sending the logs to Splunk Cloud.
Ciao.
Giuseppe
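An added illustration of the on-premise relay step the replies describe (not code from the thread or from Splunk): it maps a received RFC 3164 syslog line to a HEC event and builds the authenticated HTTPS POST without sending it. The function names, the sample lines, the `EXAMPLE` stack name and the all-zero token are constructed placeholders, and treating the syslog timestamp as UTC is an assumption.

```python
import json
import re
import urllib.request
from datetime import datetime, timezone

# RFC 3164 shape: <PRI>Mmm dd hh:mm:ss HOST TAG: MSG
RFC3164 = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ts>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<msg>.*)$", re.S)

def syslog_to_hec(line, sender_ip, year, sourcetype="syslog"):
    """Map one received syslog line to a HEC event object (a dict)."""
    event = {"host": sender_ip, "source": "syslog-relay",
             "sourcetype": sourcetype, "event": line.rstrip("\r\n")}
    m = RFC3164.match(event["event"])
    if not m or int(m["pri"]) > 191:
        return event  # unparsable: forward raw, Splunk timestamps on arrival
    pri = int(m["pri"])
    # RFC 3164 timestamps carry no year or zone; both are assumptions here.
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    event.update(
        time=ts.replace(tzinfo=timezone.utc).timestamp(),
        host=m["host"],
        event=m["msg"],
        fields={"facility": str(pri >> 3), "severity": str(pri & 7),
                "sender_ip": sender_ip},
    )
    return event

def build_hec_request(url, token, events):
    """Build (not send) the POST; HEC accepts concatenated JSON objects."""
    body = "\n".join(json.dumps(e) for e in events).encode()
    return urllib.request.Request(
        url, data=body, method="POST",
        headers={"Authorization": f"Splunk {token}",
                 "Content-Type": "application/json"})

# Constructed sample input and placeholder endpoint (not real values).
SAMPLE = [
    "<38>Mar  5 14:02:11 fw01 sshd[812]: Failed password for root from 192.0.2.7",
    "not a syslog header at all",
]
HEC_URL = "https://http-inputs-EXAMPLE.splunkcloud.com:443/services/collector/event"

if __name__ == "__main__":
    evs = [syslog_to_hec(l, "10.0.0.5", 2024) for l in SAMPLE]
    req = build_hec_request(HEC_URL, "00000000-0000-0000-0000-000000000000", evs)
    print(req.full_url, req.data.decode(), sep="\n")
```

The HEC token is a bearer credential for the index it writes to, so the relay should read it from a protected file or secret store and only ever send it over verified TLS.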