I am completely new to Splunk. I understand the basics but am lost on where to start with designing for and supporting the following scenario for Splunk (or any SIEM). I didn't see a Community Location for this type of question, so feel free to direct me to the "Total Nube" section.

We run a multi-tenant cloud application, and our customers who use Splunk want us to "Log to Splunk". Looking through the "Getting Data In" sections, it is unclear to me how we would support Splunk. In our software we allow our tenant admins to perform configurations themselves.

So my basic question is: As the developer of a cloud-based app, how do we provide support for Splunk? Do we "push" event info to a Splunk server whose endpoint information we store for each tenant separately? Do we create a REST endpoint that Splunk can poll on a specific frequency from each Splunk instance?

Bear in mind that we will have tens of customers configuring their tenants to work with their own servers. All the info I have found is geared toward configuring Splunk for my use for my team and not this multi-tenant scenario.

Thanks in advance.