Splunk HTTP Event Collector (HEC)
The Splunk HTTP Event Collector source can be used to receive events (logs) from applications that emit events in the Splunk HEC format. Events are converted to OTLP format and can be sent to any destination.
The HEC source can be combined with the Splunk HEC Destination. This allows BindPlane's agent to sit in the middle of a Splunk pipeline. Giving you the ability to leverage BindPlane's processing capabilities.
|listen_port||8888||Port to listen on.|
|listen_ip||"0.0.0.0"||IP Address to listen on.|
|access_token_passthrough||false||Whether to preserve incoming access token (Splunk header value) as "com.splunk.hec.access_token" metric resource label.|
|enable_tls||false||Whether or not to use TLS.|
|tls_certificate_path||Path to the TLS cert to use for TLS-required connections.|
|tls_private_key_path||Path to the TLS key to use for TLS-required connections.|
The HEC source type has two required parameters:
- Listen IP Address
- Listening Port
It is recommended to enable the Access Token Passthrough option if you wish to preserve the Splunk access token header as a resource attribute
Once configured, incoming events will be displayed as logs like this: