Splunk HEC
Table of contents
The Splunk HTTP Event Collector (HEC) lets you send data and application events to a Splunk deployment over the HTTP and Secure HTTP (HTTPS) protocols. HEC uses a token-based authentication model.
You can generate a token and then configure a logging library or HTTP client with the token to send data to HEC in a specific format. This process eliminates the need for a custom forwarder when you send application events.
After you enable HEC, you can use HEC tokens in your app to send data to HEC.
Fluency supports Splunk’s HEC specifications, allowing applications which already support Splunk data export to effortlessly and securely send data to Fluency.
Adding a Fluency plug-in for HEC (HTTP Event Collector)
Login to the Fluency Cloud portal: https://<companyname>.cloud.fluencysecurity.com.
Open the Main Menu from the upper left-hand corner and choose the Cloud Integrations option under the Data Ingress section.
On the following page, navigate to the Event Collectors section.
To Add an integration for HEC, choose the HEC icon from the group on the left side of the page to create a new integration endpoint.
NOTE: If an integration endpoint was setup previously, you can also select and modify it from the right side of the page.
In the pop-up window, enter “Customer” and “Application (shortname)” and click “save” button to add the event connector.
Select the HEC integration endpoint from the list on the right side of the page, in the Event Collectors section. Choose the gear icon to view/configure the connector.
On the following page, “Token” and “Webhook URL” are displayed:
You can keep them to use in your originating application.
Page last updated: 2023 Aug 08