Splunk (HEC)

Splunk Authentication Token and network access to the Splunk indexer.

Creating a Splunk Token

Got to the Settings Menu--> Tokens

Example: Creating a Token within Splunk

Network Requirements

Network access to the Splunk indexer, TCP: 8088 is the default.

Supported Platforms

Platform

Logs

Metrics

Traces

Linux

✓

Windows

✓

macOS

✓

Configuration Table

Parameter

Type

Default

Description

token

string

Authentication token used when connecting to the HTTP Event Collector.

index

string

Optional name of the Splunk index targeted.

hostname

string

localhost

Hostname or IP address of the HTTP Event Collector.

port

int

8088

TCP port to which the exporter is going to send data.

path

string

/services/collector/event

The HTTP API path to which the exporter is going to send data.

max_request_size

int

2097152

The maximum size (in bytes) of a request sent to the destination. A value of 0 will send unbounded requests. The maximum allowed value is 838860800 (~800MB).

max_event_size

int

2097152

The maximum size (in bytes) of an individual event. Events larger than this will be dropped. The maximum allowed value is 838860800 (~800MB).

enable_compression

bool

true

Compress telemetry data using gzip before sending.

enable_tls

bool

false

Whether or not to use TLS.

insecure_skip_verify

bool

false

Enable to skip TLS certificate verification.

ca_file

string

Certificate authority that is used to validate TLS certificates.

Configuration

Example: Splunk Destination configuration

Supported Retry and Queuing Settings

This destination supports the following retry and queuing settings:

Sending Queue

Persistent Queue

Retry on Failure

✓

PreviousSnowflake NextSplunk Observability Cloud

Last updated 1 month ago

Was this helpful?