Splunk HTTP Event CollectorThe HTTP Event Collector (HEC) lets you send data and application events to a Splunk deployment over the HTTP and Secure HTTP (HTTPS) protocols.
Splunk HTTP Event Collector (HEC) is a fast and efficient way to send data to Splunk Enterprise and Splunk Cloud. Notably, HEC enables you to send data over HTTP (or HTTPS) directly to Splunk Enterprise or Splunk Cloud from your application. HEC was created with application developers in mind, so that all it takes is a few lines of code added to an app for the app to send data.
Within the workflow builder, highlight the Splunk HTTP Event Collector connector.
In the Splunk HTTP Event Collector connector properties panel to the right of the builder, click on the Authenticate tab and the 'New authentication' button.
This will result in a Tray.io authentication pop-up modal. The first page will ask you to name your authentication and select the type of authentication you wish to create ('Personal' or 'Organisational').
The next page asks you for your 'HTTP Event Collector URI', 'HTTP Event Collector token', and permission to 'Disable SSL validation'.
In order to get these fields, head to your Splunk Instance dashboard.
Your 'HTTP Event Collector URI' has a specific format depending on the type of account you have.
For example, if you have a Splunk Cloud account then the URI is of format:
- protocol: is either
- host: is your Splunk instance that runs HEC.
- port: is the HEC port number. It depends on your type of account and defaults on
Your can get the endpoint from the URL of your Splunk instance page:
For more information on URI formats for different types of account refer to the Send data to HTTP Event Collector section of the Splunk document.
To get the 'HTTP Event Collector token', head to your Splunk instance dashboard and navigate to Settings > 'Data inputs'.
On the Data inputs page, you can select one of your available Data inputs.
Once selected, you will be redirected to the HTTP Event Collector page. You will get the HEC token related to the selected data input on this page.
Once you have added these fields to your Tray.io authentication pop-up window, click the 'Create authentication' button.
Go back to your settings authentication field (within the workflow builder properties panel), and select the recently added authentication from the dropdown options now available.
Your connector authentication setup should now be complete.
The examples below show one or two of the available connector operations in use.
Please see the Full Operations Reference at the end of this page for details on all available operations for this connector.