Hello @mcnamara,

You are right. More details from

http://blogs.splunk.com/2015/10/06/http-event-collector-your-direct-event-pipe-to-splunk-6-3/

HTTP Event Collector (EC) is a new, robust, token-based JSON API for sending events to Splunk from anywhere without requiring a forwarder. It is designed for performance and scale. Using a load balancer in front, it can be deployed to handle millions of events per second. It is highly available and it is secure. It is easy to configure, easy to use. A few other cool tidbits, it supports gzip compression, batching, HTTP keep-alive and HTTP/HTTPs.

If you are a developer looking to get visibility into your applications within Splunk, looking to capture events from external systems and devices (IoT), or you offer a product that you’d like to integrate with Splunk, HTTP Event Collector is the way to go

Picking up one example from @DamienDallimore , you can enable HEC in the java instrumentation app https://splunkbase.splunk.com/app/1716/
which is an instrumentation agent for tracing code level metrics via bytecode injection, JMX attributes/operations/notifications and decoded HPROF records and streaming these events directly into Splunk. The jvm might be running in any machine or container and you can collect the data directly from the source without the need of a forwader