Preparing Splunk

To use Splunk, you need to set up HTTP Event Collector (HEC). To do this, follow the steps below:

1. Open Splunk.

2. Go to Settings > Data inputs.

   

3. Click HTTP Event Collector.

4. Click the green New Token button from the top-right corner.

5. Fill in the Name field with a name for your HEC.

6. Click Next.

   

7. Select the index you want to ingest data into. In the example screenshot main is selected. You can customize your choice in this page.

   

8. Click Review.

9. Click Submit.