I'm looking into a way to use Splunk as a data integration tool, so that services like Salesforce can get information from Splunk instead of relying on my server to call their API.
My logic is that if I report every event to Splunk, and Splunk has a REST API, then why report to additional services and not have them read from Splunk (or have Splunk write to them)?
I'd love to hear suggestions if anyone's accomplished such a setup and has insights on considerations such as access tokens, API limitations, data enrichment, shortcuts (like cool Splunk apps that facilitate this), etc.
Examples that demonstrate different ways I've thought of taking:
1. I set up an alert for a specific kind of Splunk log (e.g. a log for a user that deleted their profile), and the alert action uses a script/webhook to make a POST request to Salesforce, letting it know a lead should be deleted.
2. I define a saved search/report that aggregates some numbers from logs describing user activities, and set up a service to poll this via the Splunk Cloud REST API and update accordingly.
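Both routes from the question, wired up as an added example (my own code, not from the original post and not a Splunk or Salesforce SDK): a receiver for Splunk's webhook alert action (route 1) and a poller that dispatches a saved search over the Splunk REST API and pages its results (route 2), with both feeding one allow-listed mapping to Salesforce operations. The hostname, token, saved-search names, Salesforce field names and the secret-path-segment scheme for the webhook are assumptions; the sample responses are constructed, and nothing is actually sent.

```python
"""Splunk -> Salesforce wiring for both routes in the question:
(1) a receiver for Splunk's webhook alert action, and (2) a poller that
dispatches a saved search over the Splunk REST API and pages its results.
Standard library only; no request is sent, so it runs offline."""
import hmac
import json
from urllib.parse import quote, urlencode
from urllib.request import Request

# Assumed Splunk Cloud management endpoint (the REST API listens on 8089).
SPLUNK_BASE = "https://example.splunkcloud.com:8089"

# Alerts / saved searches this integration may act on, and the Salesforce
# operation each maps to (assumed names). Unknown search names are ignored.
ALLOWED_ALERTS = {
    "profile_deleted": ("Lead", "delete"),
    "user_activity_summary": ("Lead", "upsert"),
}
# Splunk result fields that are forwarded (assumed custom Salesforce fields);
# everything else in a row, e.g. _raw or _time, is dropped.
FIELD_MAP = {"user_id": "External_Id__c", "event_count": "Activity_Count__c"}


def auth_header(token):
    """Splunk authentication tokens travel as a Bearer header."""
    return {"Authorization": f"Bearer {token}"}


def dispatch_request(saved_search, token, app="search", owner="nobody"):
    """Request that runs a saved search; Splunk answers with JSON holding 'sid'.
    trigger_actions=0 keeps the dispatch from firing the search's alert actions."""
    url = (f"{SPLUNK_BASE}/servicesNS/{quote(owner, safe='')}/{quote(app, safe='')}"
           f"/saved/searches/{quote(saved_search, safe='')}/dispatch")
    body = urlencode({"output_mode": "json", "trigger_actions": 0}).encode()
    return Request(url, data=body, headers=auth_header(token), method="POST")


def results_request(sid, token, count=500, offset=0):
    """Request for one page of a finished job's results (count/offset paging)."""
    qs = urlencode({"output_mode": "json", "count": count, "offset": offset})
    url = f"{SPLUNK_BASE}/services/search/jobs/{quote(sid, safe='')}/results?{qs}"
    return Request(url, headers=auth_header(token))


def parse_results(body):
    """Extract the result rows from a Splunk JSON results document."""
    return json.loads(body).get("results", [])


def rows_to_salesforce(rows, sobject, op):
    """Map Splunk rows (every value is a string) to Salesforce operations.
    Rows with no user_id or a non-numeric event_count are rejected, not guessed."""
    ops = []
    for row in rows:
        uid = str(row.get("user_id", "")).strip()
        if not uid:
            continue
        fields = {dst: row[src] for src, dst in FIELD_MAP.items() if src in row}
        if "Activity_Count__c" in fields:
            try:
                fields["Activity_Count__c"] = int(fields["Activity_Count__c"])
            except ValueError:
                continue
        ops.append({"sobject": sobject, "op": op, "external_id": uid, "fields": fields})
    return ops


def handle_webhook(url_secret, expected_secret, body):
    """Receiver for Splunk's webhook alert action. The action only lets you set a
    URL, so the caller is authenticated by a secret path segment (compared in
    constant time) and only allow-listed search_name values are acted on.
    Returns None when the call is rejected, else the Salesforce operations."""
    if not hmac.compare_digest(url_secret.encode(), expected_secret.encode()):
        return None
    payload = json.loads(body)
    alert = ALLOWED_ALERTS.get(payload.get("search_name"))
    if alert is None:
        return None
    # The payload carries one result row in "result"; "sid" identifies the job
    # if the remaining rows must be fetched with results_request().
    return rows_to_salesforce([payload.get("result", {})], *alert)


# Constructed sample data standing in for real Splunk responses.
SAMPLE_RESULTS_JSON = json.dumps({"preview": False, "results": [
    {"user_id": "u-100", "event_count": "42", "_time": "2024-01-01T00:00:00"},
    {"user_id": "u-101", "event_count": "n/a"},
    {"user_id": "", "event_count": "3"},
]})
SAMPLE_WEBHOOK_JSON = json.dumps({
    "result": {"user_id": "u-100", "action": "delete_profile"},
    "sid": "scheduler__admin__search__profile_deleted_at_1700000000",
    "results_link": f"{SPLUNK_BASE}/app/search/search?sid=1700000000.1",
    "search_name": "profile_deleted", "owner": "admin", "app": "search",
})

if __name__ == "__main__":
    print(dispatch_request("user_activity_summary", "TOKEN").full_url)
    print(rows_to_salesforce(parse_results(SAMPLE_RESULTS_JSON), "Lead", "upsert"))
    print(handle_webhook("s3cret", "s3cret", SAMPLE_WEBHOOK_JSON))
```

The two things worth keeping from this regardless of language: the integration only acts on search names it was told about, and it only forwards fields it was told about, so a change to the saved search (or a crafted POST to the webhook URL) cannot push arbitrary data into Salesforce. For route 2, poll the dispatch endpoint with a token scoped to a role that can only run that saved search, and page with count/offset rather than pulling everything in one call.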