# Splunk (HEC)

Splunk Authentication Token and network access to the Splunk indexer.

### Creating a Splunk Token

Got to the Settings Menu--> Tokens

<figure><img src="https://1405008107-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FgmiOMzBfoNFwmKJFHMcJ%2Fuploads%2Fgit-blob-500e385d59878053a5bc5bb5ae001f96431548b0%2Fintegrations-destinations-splunk-hec-image-1.png?alt=media" alt="Bindplane docs - Splunk HEC - image 1"><figcaption></figcaption></figure>

Example: Creating a Token within Splunk

<figure><img src="https://1405008107-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FgmiOMzBfoNFwmKJFHMcJ%2Fuploads%2Fgit-blob-85cb72c6447cb0522f278b7c503f4de7843946a5%2Fintegrations-destinations-splunk-hec-image-2.png?alt=media" alt="Bindplane docs - Splunk HEC - image 2"><figcaption></figcaption></figure>

#### Network Requirements

Network access to the Splunk indexer, TCP: 8088 is the default.

### Supported Platforms

| Platform | Logs | Metrics | Traces |
| -------- | ---- | ------- | ------ |
| Linux    |      | ✓       |        |
| Windows  |      | ✓       |        |
| macOS    |      | ✓       |        |

### Configuration Table

<table><thead><tr><th width="180.69921875">Parameter</th><th width="106.69921875">Type</th><th width="125.8671875">Default</th><th>Description</th></tr></thead><tbody><tr><td>token</td><td><code>string</code></td><td></td><td>Authentication token used when connecting to the HTTP Event Collector.</td></tr><tr><td>index</td><td><code>string</code></td><td></td><td>Optional name of the Splunk index targeted.</td></tr><tr><td>hostname</td><td><code>string</code></td><td>localhost</td><td>Hostname or IP address of the HTTP Event Collector.</td></tr><tr><td>port</td><td><code>int</code></td><td>8088</td><td>TCP port to which the exporter is going to send data.</td></tr><tr><td>path</td><td><code>string</code></td><td>/services/collector/event</td><td>The HTTP API path to which the exporter is going to send data.</td></tr><tr><td>max_request_size</td><td><code>int</code></td><td>2097152</td><td>The maximum size (in bytes) of a request sent to the destination. A value of 0 will send unbounded requests. The maximum allowed value is 838860800 (~800MB).</td></tr><tr><td>max_event_size</td><td><code>int</code></td><td>2097152</td><td>The maximum size (in bytes) of an individual event. Events larger than this will be dropped. The maximum allowed value is 838860800 (~800MB).</td></tr><tr><td>enable_compression</td><td><code>bool</code></td><td>true</td><td>Compress telemetry data using gzip before sending.</td></tr><tr><td>enable_tls</td><td><code>bool</code></td><td>false</td><td>Whether or not to use TLS.</td></tr><tr><td>insecure_skip_verify</td><td><code>bool</code></td><td>false</td><td>Enable to skip TLS certificate verification.</td></tr><tr><td>ca_file</td><td><code>string</code></td><td></td><td>Certificate authority that is used to validate TLS certificates.</td></tr></tbody></table>

### Configuration

Example: Splunk Destination configuration

<figure><img src="https://1405008107-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FgmiOMzBfoNFwmKJFHMcJ%2Fuploads%2Fgit-blob-65aa1fd10c27ee950e3aa54b9751c3dbe5ee4cda%2Fintegrations-destinations-splunk-hec-image-3.png?alt=media" alt="Bindplane docs - Splunk HEC - image 3"><figcaption></figcaption></figure>

### Supported Retry and Queuing Settings

This destination supports the [retry settings](https://docs.bindplane.com/configuration/bindplane-otel-collector/retry-on-failure), the [sending queue settings](https://docs.bindplane.com/configuration/bindplane-otel-collector/sending-queue), and the [persistent queue settings.](https://docs.bindplane.com/configuration/bindplane-otel-collector/persistent-queue)

| Sending Queue | Persistent Queue | Retry on Failure |
| ------------- | ---------------- | ---------------- |
| ✓             | ✓                | ✓                |


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.bindplane.com/integrations/destinations/splunk-hec.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.