Although Splunk provides HEC for third parties to use, Splunk maintains other
aspects of its software as proprietary. One example of such proprietary software is the “S2S”
protocol. S2S stands for “Splunk-to-Splunk,” and this is software that Splunk itself uses to send
data to, or receive data from, Splunk Enterprise and other Splunk software and technologies.
Splunk does not support use of S2S by third parties, does not publish S2S’s source code, and does
not document S2S in a manner that facilitates third-party use of this protocol.
I don't think Splunk claims will hold in court. As said running Wireguard would too just fine.
Mr. Sharp posted a derivation of Splunk’s
proprietary and confidential S2S source code to his personal github webpage (a publicly accessible
website for sharing source code). Mr. Sharp named this derived code “go-S2S.”
