Splunk HTTP Event Collector (HEC)

Supported Types

Metrics | Logs | Traces

Prerequisites

Setup Splunk HTTP Event Collector

See the "Configure HTTP Event Collector on Splunk Enterprise" section in Splunk's documentation. Configure an "Event Collector token", which will be used during the destination type's configuration.

Configuration Table

| Parameter | Type | Default | Description |
| --- | --- | --- | --- |
| token | string | | Token used to authenticate with the Event Collector. |
| index | string | | The index to send logs to (optional). |
| hostname | string | localhost | The address or hostname of the Event Collector. |
| port | int | 8088 | The TCP port the Event Collector is listening on. |
| path | string | /services/collector/event | The HTTP API path the Event Collector is accepting events on. |
| enable_tls | bool | false | Whether or not to connect to the Event Collector using TLS. |
| insecure_skip_verify | bool | false | Whether or not to skip TLS certificate verification. |
| ca_file | string | | The certificate authority file to use when verifying the Event Collector's TLS certificate (optional). |

Example Configurations

Required Values

apiVersion: bindplane.observiq.com/v1
kind: Destination
metadata:
    id: hec-basic
    name: hec-basic
    labels:
        platform: linux
spec:
    type: splunkhec
    parameters:
        - name: token
          value: 00000-00000-00000

TLS

apiVersion: bindplane.observiq.com/v1
kind: Destination
metadata:
    id: hec-tls
    name: hec-tls
    labels:
        platform: linux
spec:
    type: splunkhec
    parameters:
        - name: token
          value: 00000-00000-00000
        - name: index
          value: otel
        - name: hostname
          value: hec.corp.net
        - name: port
          value: 8088
        - name: path
          value: /services/collector/event
        - name: enable_tls
          value: true
        - name: insecure_skip_verify
          value: false
        - name: ca_file
          value: "/opt/tls/hec-ca.crt"
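
The following check is an added example, not part of the original page or of BindPlane itself: it applies the defaults from the Configuration Table and flags destinations whose token would be sent without TLS or without certificate verification. It assumes the Destination YAML has already been loaded into a dict; the function names, finding texts and the third sample are made up for the example.

```python
# Added example: audit a splunkhec Destination for weak transport settings.
# Defaults are copied from the Configuration Table; all names are illustrative.
DEFAULTS = {"hostname": "localhost", "port": 8088,
            "path": "/services/collector/event",
            "enable_tls": False, "insecure_skip_verify": False}


def effective_params(destination):
    """Overlay spec.parameters (a list of name/value pairs) on the defaults."""
    params = dict(DEFAULTS)
    for item in destination.get("spec", {}).get("parameters") or []:
        params[item["name"]] = item["value"]
    return params


def audit(destination):
    """Return findings for one Destination already loaded from YAML to a dict."""
    p = effective_params(destination)
    findings = []
    if not p.get("token"):
        findings.append("token is not set")
    if p["enable_tls"] is not True:
        findings.append("enable_tls is off: token and events cross the network unencrypted")
        if p["insecure_skip_verify"] is True or p.get("ca_file"):
            findings.append("TLS options are set but enable_tls is off")
    elif p["insecure_skip_verify"] is True:
        findings.append("insecure_skip_verify is on: the collector's certificate is not verified")
    return findings


def _dest(*pairs):
    """Build a Destination dict from (name, value) pairs."""
    return {"kind": "Destination", "spec": {"type": "splunkhec", "parameters": [
        {"name": n, "value": v} for n, v in pairs]}}


# Constructed samples: the page's two example destinations, plus a weak variant.
HEC_BASIC = _dest(("token", "00000-00000-00000"))
HEC_TLS = _dest(("token", "00000-00000-00000"), ("hostname", "hec.corp.net"),
                ("enable_tls", True), ("insecure_skip_verify", False),
                ("ca_file", "/opt/tls/hec-ca.crt"))
HEC_SKIP_VERIFY = _dest(("token", "00000-00000-00000"), ("enable_tls", True),
                        ("insecure_skip_verify", True))

if __name__ == "__main__":
    for name, dest in (("hec-basic", HEC_BASIC), ("hec-tls", HEC_TLS),
                       ("hec-skip-verify", HEC_SKIP_VERIFY)):
        print(name, audit(dest) or "ok")
```

Run against the two configurations above, the "Required Values" destination is flagged because `enable_tls` defaults to `false`, while the "TLS" destination passes.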