I'm wondering what is the best practice to integrate Splunk logging in the CircleCI pipeline. There are some packages/apps which allow us to connect and write events to Splunk but didn't find any legit and valid documentation to use Splunk endpoint and token to create build or deployment events.
The Splunk App for CircleCI (https://splunkbase.splunk.com/app/5162/) uses the CircleCI API to collect data into Splunk. There is what appears to be legit and valid documentation for it on github at https://github.com/kikeyama/splunk-circleci-app.
If you need to push data from CircleCI into Splunk then you should be able to use Splunk's HTTP Event Collector (HEC) to do that. Once HEC is enabled, you can create a token for it in the Splunk UI and use that token to send data to the endpoint at https://yoursplunkserver:8088/services/collector/raw. From there, I'm afraid you're on your since I'm not a CircleCI user. Splunk's documentation at https://docs.splunk.com/Documentation/Splunk/9.0.0/Data/FormateventsforHTTPEventCollector explains how to format raw data sent to HEC.