Splunk


Splunk is a robust data platform enabling organizations to capture, structure, and analyze machine data instantly. Turning raw information into valuable insights helps businesses proactively monitor operations, identify problems swiftly, and achieve greater operational awareness.

Splunk HTTP Event Collector

Splunk's primary data ingestion API is the HTTP Event Collector (HEC). It efficiently receives real-time data like logs, events, and metrics from external systems using HTTP/HTTPS.

Key Features:

  • Highly scalable: Efficiently ingests large volumes of data.

  • Real-time data ingestion: Transmits data to Splunk for immediate indexing.

  • Data format support: Accepts JSON and plain text data.

  • Secure authentication: Uses token-based authentication for secure data transmission.

Splunk Connector

The Splunk connector facilitates seamless communication between the Workforce Experience Platform and the customer's Splunk instance. It sends key event data, including logs, performance metrics, and security alerts, directly from the Workforce Experience Platform to Splunk in near real time. This connector ensures the secure capture and efficient indexing of critical data within the customer's Splunk environment. This integration enables centralized monitoring, real-time alerting, and detailed data analytics, empowering customers to identify trends and troubleshoot issues effectively.

This article provides a step-by-step guide to:

  • Set up a Splunk Account and Activate HEC

  • Activate Splunk Connector

  • Splunk Data Connection and Refresh Schedule

Set up a Splunk Account and Activate HEC

Prerequisite

Ensure that your Splunk instance is active and accessible.

Splunk Account and HEC Activation

  1. Create a Splunk Account.

  2. In your Splunk dashboard, go to Settings > Data Inputs > HTTP Event Collector.

Note: The HTTP Event Collector (HEC) is enabled by default on Splunk Cloud Platform.

  3. From the HTTP Event Collector page, click New Token. A new token for API integration is created.

Note: Make a note of the HEC endpoint URL (e.g., https://<splunk-server>:8088/services/collector).

Activate Splunk Connector

  1. Log in to the WXP portal. The Home page is displayed.

  2. In the left menu of the WXP, click Integrations. The Integration page is displayed.

  3. In the Splunk card, click Configure.

  4. Select the checkbox to generate the required reports. Click Save.

  5. In the Splunk card, click Connect. In the dialog box, read the instructions for authorizing HP. Click Next.

  6. The Splunk activator window is displayed.

  7. Enter the following details in the Splunk activator window to activate.

- Host URL: Example is prd-pi86na.splunkcloud.com:8088.

- HEC Token: Obtained from your Splunk instance.

- Index: Specifies which Splunk Index the data should be stored in; if left empty, defaults to the ‘main’ index.

  8. Click Connect. Once connected, WXP data in your Splunk instance is available after five minutes.
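The three values entered in the activator window (Host URL, HEC token, index) can be checked against the Splunk instance before connecting. The Python below is an added example, not HP or Splunk code; it assumes the standard HEC event endpoint `/services/collector/event` and the `Authorization: Splunk <token>` header, and its function names and the all-zero token are hypothetical.

```python
import json
import ssl
import urllib.error
import urllib.request
from urllib.parse import urlsplit

# Subset of the status codes HEC returns in its JSON reply body.
HEC_CODES = {0: "success", 1: "token disabled", 4: "invalid token", 7: "incorrect index"}

def build_hec_request(host_url, token, index=""):
    """Build a test-event POST from the three values the activator window asks for."""
    # The Host URL may be given without a scheme; never fall back to plain HTTP,
    # because the token travels in a request header.
    if "://" not in host_url:
        host_url = "https://" + host_url
    parts = urlsplit(host_url)
    if parts.scheme != "https" or not parts.hostname:
        raise ValueError("HEC host must be reachable over https")
    if not token or any(c.isspace() for c in token):
        raise ValueError("HEC token is empty or contains whitespace")
    payload = {"event": {"message": "HEC connectivity check"}}
    if index:  # left empty, the index is chosen on the Splunk side
        payload["index"] = index
    return urllib.request.Request(
        f"https://{parts.netloc}/services/collector/event",
        data=json.dumps(payload).encode(),
        headers={"Authorization": f"Splunk {token}", "Content-Type": "application/json"},
        method="POST",
    )

def explain_reply(body):
    """Map an HEC JSON reply such as {"text":"Success","code":0} to a short verdict."""
    code = json.loads(body).get("code")
    return HEC_CODES.get(code, f"unexpected HEC code {code}")

def send_test_event(host_url, token, index=""):
    """Send one event with certificate verification left on; returns the verdict."""
    req = build_hec_request(host_url, token, index)
    ctx = ssl.create_default_context()
    try:
        with urllib.request.urlopen(req, context=ctx, timeout=10) as resp:
            return explain_reply(resp.read())
    except urllib.error.HTTPError as err:  # HEC puts the code in the error body too
        return explain_reply(err.read())

if __name__ == "__main__":
    # Constructed placeholder token; the host is the example from the steps above.
    req = build_hec_request("prd-pi86na.splunkcloud.com:8088", "00000000-0000-0000-0000-000000000000")
    print(req.full_url)
```

Calling `send_test_event` with the real token returns "invalid token" or "incorrect index" when the token or index does not match what is configured in Splunk.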

Splunk Data Connection and Refresh Schedule

  • Estimated time for initial data pull: Maximum 10 minutes.

  • Data refresh frequency: Every 24 hours from connection time.

Contact Us

For any assistance, [create a support case] or email [email protected].