Skip to main content

Preparing Splunk

To use Splunk, you need to set up HTTP Event Collector (HEC).

  1. Open Splunk.

  2. Go to Settings > Data inputs.

    Screenshot of the Settings menu with the Data inputs button highlighted.

  3. Select HTTP Event Collector.

  4. Select the green New Token button from the top-right corner.

  5. Fill in the Name field with a name for your HEC.

  6. Select Next.

    Screenshot with the Next button and Name field highlighted.

  7. Select the index you want to ingest data into. In the example screenshot main is selected. You can customize your choice in this page.

    Screenshot of the Add Data page.

  8. Select Review.

  9. Select Submit.