Splunk HTTP Event Collector (HEC)


The Splunk HTTP Event Collector source can be used to receive events (logs) from applications that emit events in the Splunk HEC format. Events are converted to OTLP format and can be sent to any destination.

The HEC source can be combined with the Splunk HEC Destination. This allows BindPlane's agent to sit in the middle of a Splunk pipeline. Giving you the ability to leverage BindPlane's processing capabilities.

Supported Platforms


Configuration Table

listen_portint8888Port to listen on.
listen_ipstring""IP Address to listen on.
access_token_passthroughstringfalseWhether to preserve incoming access token (Splunk header value) as "com.splunk.hec.access_token" metric resource label.
enable_tlsboolfalseWhether or not to use TLS.
tls_certificate_pathstringPath to the TLS cert to use for TLS-required connections.
tls_private_key_pathstringPath to the TLS key to use for TLS-required connections.

Example Configuration

The HEC source type has two required parameters:

  • Listen IP Address
  • Listening Port

It is recommended to enable the Access Token Passthrough option if you wish to preserve the Splunk access token header as a resource attribute com.splunk_hec.access_token.

observIQ docs - Splunk HTTP Event Collector (HEC) - image 1

Once configured, incoming events will be displayed as logs like this:

observIQ docs - Splunk HTTP Event Collector (HEC) - image 2