Just a quick post to note that I had a wild idea about getting a Splunk universal forwarder running in a Balena Raspberry Pi 4 application, so I could send app log files to my Splunk Cloud instance. I’ve always kind of hated the Docker/Splunk HEC integration (classifying files and handling multiline events is a huge mess under HEC), so I thought it’d be decent to be able to use a universal forwarder.
Googling suggested that nobody has published prior art on this, so I wrote it.
You can find a sample Balena app, using Apache2 as the app log generator, at https://github.com/pdehlke/balena-splunk.
I hope this is useful for anyone other than just me!
Comments and PRs are more than welcome.