For Splunk Light Cloud, you cannot open up a new TCP inputs, due to security constraints.
You could use Universal Forwarder to forward Hiroku logs (if they are file system based) to Splunk Light Cloud Service.
See how to setup forwarders for Splunk Light Cloud
Thanks dkoshe for the quick response. The link to the details on the HTTP event collector is helpful.
Heroku logs are stream-based, not file based. They can be streamed via TCP or HTTPS. However, as far as i know, there is no way to add custom headers to these heroku log drains, which means that i don't believe this path will work.
There is also no direct facility to install something like the universal forwarder on Heroku directly.
So, it seems like the way to get this to work would be to install the universal forwarder on a seperate (non-heroku) computer and have it act as an intermediary? is that true?