I would like to integrate on-premise Splunk with Atlassian cloud to fetch the cloud audit logs (organization logs, JIRA cloud logs and Confluence cloud logs) for monitoring & alerting via Splunk. The integration will be via REST API calls.
a. How do I configure and authenticate the REST API using OAuth? I understand that OAuth is required to be configured in Atlassian cloud first.
b. Does this integration with Atlassian cloud require any add-on to be installed in Splunk?
c. Can the audit logs fetched via the REST API be ingested as is into Splunk, or will any transformation be required before ingesting them into Splunk?
d. Where within Splunk should I configure the REST API call? Will this be in the Splunk heavy forwarder?