Ok so I think that I like Brian Keifer’s code better but I am open to both of them. I’m no developer but I can script the crap out of some things with bash lol, and I can get a fairly good understanding of what I’m looking at. So this is what I have so far and I think that it wants to run but I’m getting this error
java.lang.ClassCastException: org.codehaus.groovy.runtime.GStringImpl cannot be cast to java.util.Map @ line 165I have the code here https://github.com/TheFuzz4/SmartThingsSplunkLogger/blob/master/splunklogger.groovy please feel free to modify the code and check in your changes and I’ll commit them or I can just update directly 
Thank you all for your help I think that I am close to getting this to work. I’m not sure if this will be trying to hit the server from the cloud or if the hub will just send it directly to the internal splunk address. Figured I could figure that out once I get past this gstring error.
EDIT: So I’ve now got it to hit my splunk server from the cloud to internal. However I’m getting a 400 error from splunk now. I’ve checked in my latest changes to git and I’ve posted here https://answers.splunk.com/answers/369266/output-smartthings-logs-to-http-event-collector.html?minQuestionBodyLength=80
with a question because I’m not sure if the json object that’s being created is splunk compliant. Since this was originally written for logstash I think that splunk isn’t happy with the formatting.
I’ve been looking here http://dev.splunk.com/view/event-collector/SP-CAAAE6P at their example and I wonder if there has to be a specific order of the items in order for splunk to be happy with it. We’re getting there but not quite there yet.