Hi,

Create a Splunk account if you don't have one already.
Login to Splunk and go to the "Add Data" page by clicking on the "Add Data" button in the main menu.
Select "HTTP Event Collector" as the data source.
Create a new HTTP Event Collector token by clicking on the "New Token" button.
Give a name to the token and click on the "Create" button.
Copy the token value and save it for later use.
In your Heroku dashboard, go to the app you want to monitor.
Add the Splunk Add-on to the app by running the following command in your terminal:

$ heroku addons:create splunk
$ heroku addons:open splunk

This will open the Splunk Add-on configuration page in your browser. Enter the token value in the "HEC Token" field and click on "Save".

Once the Splunk Add-on is configured, you can start sending logs to Splunk by adding the following configuration to your app's log drain:

Splunk Cloud
$ heroku drains:add https://input-output.cloud.splunk.com:443/inputs/http/<HEC Token>
Splunk
$ heroku drains:add https://splunk.yourdomain.com:443/inputs/http/<HEC Token>

Or you can send syslog.

https://www.splunk.com/en_us/blog/tips-and-tricks/splunking-heroku.html?locale=en_us