Add splunk cloud support

[jbskytap]

Just FYI - these are the changes I needed to make to get this to work with Splunk cloud, Python 2 and without modifying the TOKEN data provided by Splunk.

it's lacking Docs etc but I figured you or other people might be interested.

[zach-taylor]

@jbskytap thanks so much for the contribution! I'm glad you were able to get this working. I compared the REST API docs for Enterprise and Cloud, and it looks like they share the same endpoints. Perhaps we can just update to use /services/collector/event for both?

Here's what I was referencing:
https://docs.splunk.com/Documentation/SplunkCloud/7.2.3/RESTREF/RESTinput#services.2Fcollector.2Fevent

https://docs.splunk.com/Documentation/Splunk/7.2.3/RESTREF/RESTinput#services.2Fcollector.2Fevent

[jbskytap]

That makes sense. perhaps the use of the old endpoint was a legacy thing in the enterprise service.

I only have access to test on Splunk cloud. would you be able to test this change against Splunk enterprise and ensure that it works with the cloud flag set to True?

If so then I will rip that flag out of this pull.

[ekozlowski]

@zach-taylor Looks like Travis can't pull 3.7 b/c 3.7 isn't supported on Trusty. See travis-ci/travis-ci#9964 Any way we can use Xenial to get this Travis check through and this PR merged?

[zach-taylor]

@jbskytap @ekozlowski thanks for your patience! master is passing for 3.7 again. Please rebase so I can test this and make sure it still works with Splunk Enterprise.

[liorp]

Any progress on this PR? It's been almost 2 years, and the endpoint has definitely changed