Answer by warren for What is the recommended way to write to Splunk using Log4J

As @Honky Donkey said, you can set up direct logging to the HTTP Event Collector.

However, that’s probably not the best idea – unless you’re also logging to local disk.

Why is it not a good idea? Because if you’re only logging to the HEC, you must have Splunk up and running and configured to receive data from your app (including any requisite HEC tokens) to see any logs your app may generate.

What happens when Splunk is down? Or not otherwise unavailable?

Will your app queue logs until it’s available again? How long can it queue? What will happen to logs it cannot queue?

What happens if management decides to change from Splunk to ELK Stack or Scalyr?

Always log to local disk.

Offer to log elsewhere/elsehow – but don’t only "log to Splunk": you never know what may change down the road.

from User warren – Stack Overflow https://stackoverflow.com/questions/63887068/what-is-the-recommended-way-to-write-to-splunk-using-log4j/63901679#63901679
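
One way to wire up "always log to local disk, optionally ship elsewhere" in a Log4j 2 `log4j2.xml`, as an added example that is not part of the answer above. The file paths, appender names, the host `splunk.example.com`, port 8088 and the `SPLUNK_HEC_TOKEN` environment variable are assumptions for illustration.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Added example: host, paths, names and SPLUNK_HEC_TOKEN are assumed values. -->
<Configuration status="warn">
  <Appenders>
    <!-- Primary sink: local disk, written whether or not Splunk is reachable. -->
    <RollingFile name="LocalFile"
                 fileName="logs/app.log"
                 filePattern="logs/app-%d{yyyy-MM-dd}-%i.log.gz">
      <PatternLayout pattern="%d{ISO8601} %-5p [%t] %c - %m%n"/>
      <Policies>
        <TimeBasedTriggeringPolicy/>
        <SizeBasedTriggeringPolicy size="50 MB"/>
      </Policies>
      <DefaultRolloverStrategy max="14"/>
    </RollingFile>

    <!-- Optional sink: POST each event to the HEC raw endpoint.
         The token is read from the environment, not stored in this file.
         Short timeouts keep a dead collector from stalling the sender. -->
    <Http name="SplunkHec"
          url="https://splunk.example.com:8088/services/collector/raw"
          connectTimeoutMillis="2000"
          readTimeoutMillis="2000"
          ignoreExceptions="true">
      <Property name="Authorization" value="Splunk ${env:SPLUNK_HEC_TOKEN}"/>
      <PatternLayout pattern="%d{ISO8601} %-5p [%t] %c - %m%n"/>
    </Http>

    <!-- Bounded in-memory queue in front of HEC. With blocking="false" the
         application thread never waits on Splunk when the queue is full;
         those events are still in the local file. -->
    <Async name="AsyncHec" bufferSize="1024" blocking="false">
      <AppenderRef ref="SplunkHec"/>
    </Async>
  </Appenders>

  <Loggers>
    <Root level="info">
      <AppenderRef ref="LocalFile"/>
      <AppenderRef ref="AsyncHec"/>
    </Root>
  </Loggers>
</Configuration>
```

Swapping Splunk for another backend then means replacing only the `Http` appender; the local file, and any forwarder that tails it, is unaffected.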