Splunk HTTP Event Collector (HEC)
Supported Types
Metrics | Logs | Traces |
---|---|---|
✓ |
Prerequisites
Setup Splunk HTTP Event Collector
See the "Configure HTTP Event Collector on Splunk Enterprise" section in Splunk's documentation. Configure a "Event Collector token", which will be used during the destination type's configuration.
Configuration Table
Parameter | Type | Default | Description |
---|---|---|---|
token | string | Token used to authenticate with the Event Collector. | |
index | string | The index to send logs to (optional). | |
hostname | string | localhost | The address or hostname of the Event Collector. |
port | int | 8088 | The TCP port the Event Collector is listening on. |
path | string | /services/collector/event | The HTTP API path the Event Collector is accepting events on. |
enable_tls | bool | false | Whether or not to connect to the Event Collector using TLS. |
insecure_skip_verify | bool | false | Whether or not to skip TLS certificate verification. |
ca_file | string | The certificate authority file to use when verifying the Event Collector's TLS certificate (optional). |
Example Configurations
Required Values
apiVersion: bindplane.observiq.com/v1
kind: Destination
metadata:
id: hec-basic
name: hec-basic
labels:
platform: linux
spec:
type: splunkhec
parameters:
- name: token
value: 00000-00000-00000
TLS
apiVersion: bindplane.observiq.com/v1
kind: Destination
metadata:
id: hec-tls
name: hec-tls
labels:
platform: linux
spec:
type: splunkhec
parameters:
- name: token
value: 00000-00000-00000
- name: index
value: otel
- name: hostname
value: hec.corp.net
- name: port
value: 8088
- name: path
value: /services/collector/event
- name: enable_tls
value: true
- name: insecure_skip_verify
value: false
- name: ca_file
value: "/opt/tls/hec-ca.crt"
Updated 5 months ago