Collect HTTP events in Onum with new Splunk HEC integration

August 15, 2024

Send event data to Splunk directly via HTTP or HTTPS.

Efficiently ingest data into Splunk without the need for intermediary files or complex configurations.

  • Efficiency: Reduces latency in data ingestion.
  • Ease of Integration: Uses standard protocols and is compatible with a wide variety of programming languages.
  • Security: Allows secure transmission of sensitive data.

Key features

Splunk HEC is a powerful tool for real-time data ingestion, especially useful in environments where data speed and security are critical.

  1. Real-Time Data Ingestion: Sends data in real time directly to Splunk from applications, services, and devices.

  2. HTTP/HTTPS Protocol: Uses HTTP and HTTPS protocols, making it easy to integrate a plethora of data sources.

  3. No Intermediate Files Needed: Eliminates the need for intermediary log files, reducing latency and simplifying the data ingestion process.

  4. Security: Offers authentication and encryption via HTTPS, ensuring data protection.

  5. Scalability: Handles large volumes of event data, making it suitable for enterprise applications and production environments.

  6. Flexible Configuration: Lets you configure different tokens for different data sources.

Using Splunk Tokens

After logging in to your Splunk Cloud instance using your Splunk account credentials, go to the Splunk Cloud dashboard.

Select Settings and find the list of Tokens. Copy the token you want to use to your clipboard so you can enter it in your Sink.

Use the token (or a script that carries it) to authenticate requests to your Splunk Cloud instance. Typically, the token is sent in the Authorization header of each HTTP request, in the form Authorization: Splunk <token>.
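The following is an added example, not Onum or Splunk code, showing the exchange described above: a small HEC client that builds the POST to /services/collector/event with the token in the Authorization header, and a constructed local stand-in for the HEC endpoint that checks that header and answers in the JSON format Splunk documents. The token value, the event fields and the stand-in server are all assumptions made for the example; a real token comes from the steps below.

```python
"""Minimal Splunk HEC client plus a local stand-in HEC endpoint so the exchange runs offline."""
import json
import threading
import urllib.error
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

# Constructed sample token for this example; a real one is created under
# Settings > Data Inputs > HTTP Event Collector in Splunk.
SAMPLE_TOKEN = "00000000-0000-0000-0000-000000000000"
HEC_PATH = "/services/collector/event"  # Splunk's HEC event endpoint


def build_hec_request(base_url, token, event, index=None, sourcetype=None,
                      host=None, time=None):
    """Build the HTTP request a HEC client sends: JSON body, token in Authorization."""
    body = {"event": event}
    for key, value in (("index", index), ("sourcetype", sourcetype),
                       ("host", host), ("time", time)):
        if value is not None:
            body[key] = value
    data = json.dumps(body).encode("utf-8")
    req = urllib.request.Request(base_url.rstrip("/") + HEC_PATH, data=data, method="POST")
    req.add_header("Authorization", "Splunk " + token)
    req.add_header("Content-Type", "application/json")
    return req


def send_event(base_url, token, event, **fields):
    """Send one event and return (HTTP status, parsed JSON reply), also on 4xx/5xx."""
    req = build_hec_request(base_url, token, event, **fields)
    try:
        with urllib.request.urlopen(req, timeout=5) as resp:
            return resp.getcode(), json.loads(resp.read())
    except urllib.error.HTTPError as err:
        return err.code, json.loads(err.read())


class FakeHECHandler(BaseHTTPRequestHandler):
    """Constructed stand-in for a HEC endpoint (not Splunk code): validates the
    Authorization header and body, records accepted events, replies like Splunk does."""
    received = []

    def do_POST(self):
        raw = self.rfile.read(int(self.headers.get("Content-Length", 0)))
        if self.path != HEC_PATH:
            return self._reply(404, {"text": "Not found"})
        if self.headers.get("Authorization", "") != "Splunk " + SAMPLE_TOKEN:
            return self._reply(403, {"text": "Invalid token", "code": 4})
        try:
            payload = json.loads(raw)
        except ValueError:
            return self._reply(400, {"text": "Invalid data format", "code": 6})
        if "event" not in payload:
            return self._reply(400, {"text": "No data", "code": 5})
        FakeHECHandler.received.append(payload)
        self._reply(200, {"text": "Success", "code": 0})

    def _reply(self, status, obj):
        body = json.dumps(obj).encode("utf-8")
        self.send_response(status)
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):  # keep the demo quiet
        pass


def start_fake_hec():
    """Start the stand-in endpoint on a random loopback port; returns (server, base URL)."""
    server = HTTPServer(("127.0.0.1", 0), FakeHECHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, "http://127.0.0.1:%d" % server.server_address[1]


def demo():
    """Send one event with the right token and one with a wrong token."""
    FakeHECHandler.received.clear()
    server, url = start_fake_hec()
    try:
        ok = send_event(url, SAMPLE_TOKEN, {"action": "login", "user": "alice"},
                        index="main", sourcetype="onum:auth")
        bad = send_event(url, "not-the-real-token", {"action": "login"})
        return ok, bad, list(FakeHECHandler.received)
    finally:
        server.shutdown()
        server.server_close()


if __name__ == "__main__":
    print(demo())
```

The stand-in listens on plain HTTP on loopback only; against a real Splunk instance use its https:// URL (HEC listens on port 8088 by default) so the token and the events are encrypted in transit, and treat the token like any other credential, since anyone holding it can write into the indexes it is allowed to use.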


Configure an Event Collector

Below are step-by-step instructions on using a Splunk HEC event collector to get the values for the Onum sink.


Configure the Event Collector

Once logged in to your Splunk instance, configure the Event Collector to receive data and create the access token it will accept.
  1. On the main screen, open the Settings menu and select Data Inputs.

  2. Choose the HTTP Event Collector option.

  3. Set an access token for authentication: select the New Token option in the top-right corner to open the token configuration screen.

  4. Set the token name.

  5. Select at least the main index so that received events are quicker to search.

  6. Save the created token's value.

Search for Received Events

On the main screen, go to Search & Reporting. You can search by parameters like index or sourcetype. For more information, refer to Splunk's official documentation: What's in Splunk Search.

Once your instance is created, you can proceed to build your sink.