You can use the HTTP Log plugin to send Kong Gateway logs to Splunk.
Note: The following example uses Splunk 9.0.2. If you are using a different version of Splunk, check the Splunk documentation for the appropriate method.
Prerequisite: You have a Splunk authorization token.
Send raw text to HEC
To send raw text, use the /services/collector/raw Splunk endpoint.
For example, assuming that Splunk is running at
https://example.splunkcloud.com:8088/ and its secure token is
you can enable an HTTP Log plugin instance using the following configuration:
Based on this configuration, the HTTP Log plugin sends the logs to https://example.splunkcloud.com:8088/services/collector/raw with a secure token.
Logs are sent as JSON objects. See the Log Format reference for details.
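The setup described above, written as a decK declarative file. This is an added example, not the configuration from the original page; the use of decK, the DECK_SPLUNK_HEC_TOKEN variable name, and the timeout and keepalive values are assumptions.

```yaml
# Added example: global HTTP Log plugin instance that ships logs to Splunk HEC.
_format_version: "3.0"

plugins:
  - name: http-log
    config:
      # Raw HEC endpoint named on this page. Keep the https scheme so the
      # HEC token in the Authorization header is never sent in clear text.
      http_endpoint: https://example.splunkcloud.com:8088/services/collector/raw
      method: POST
      content_type: application/json
      timeout: 10000     # milliseconds (assumed value)
      keepalive: 60000   # milliseconds (assumed value)
      headers:
        # Splunk HEC authenticates with "Authorization: Splunk <token>".
        # Assumption: decK substitutes the token from the environment at
        # sync time, so the secret stays out of the file and out of
        # version control. DECK_SPLUNK_HEC_TOKEN is a hypothetical name.
        Authorization: Splunk ${{ env "DECK_SPLUNK_HEC_TOKEN" }}
```

Because no service or route is attached, this instance logs every request that passes through the gateway; scope the HEC token to the one index these logs belong in.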