This ways has Pros and Cons - read Access Logging in Confluence. On Pro is that the POST to Splunk in in the backend; so we dont need to open for the receiving system in the Firewall
My site is mainly external as a website, with only one internal user, myself "bnp". In that situation, the PageViewEvent is not so interesting as if this was an internal system with multiple users.
Currently, I have found no way to correlate bot/spider/monitoring hits from the real PageViews.
Also, PageViewEvents only occur when a page is rendered and this gives back HTTP Code "200 OK" to the client. See Different Loggings for different logging compares.
We do POST a json like this to Elasticsearch at URL http://elkserver1:9200/webaccess/pageevent/