Docs » Supported integrations in Splunk Observability Cloud » Collector components: Receivers » Splunk HEC receiver

Splunk HEC receiver 🔗

The Splunk HTTP Event Collector (HEC) receiver allows the Splunk Distribution of the OpenTelemetry Collector to collect events and logs in Splunk HEC format. The supported pipeline types are metrics and logs. See Process your data with pipelines for more information.

The receiver accepts data formatted as JSON HEC events under any path or as end-of-line separated log raw data if sent to the raw_path. See Format events for HTTP Event Collector for more information.

Note

For information about the HEC exporter, see Splunk HEC exporter.

Get started 🔗

Follow these steps to configure and activate the component:

  1. Deploy the Splunk Distribution of the OpenTelemetry Collector to your host or container platform:

  2. Configure the Splunk HEC receiver as described in the next section.

  3. Restart the Collector.

Sample configuration 🔗

To activate the Splunk HEC receiver add a splunk_hec entry inside the receivers section of the Collector configuration file:

receivers:
   splunk_hec:

To complete the configuration, include the receiver in the required pipeline of the service section of your configuration file. For example:

service:
   pipelines:
      metrics:
         receivers: [splunk_hec]

Configuration example 🔗

The following example shows a Splunk HEC receiver configured with all available settings:

receivers:
  # ...
  splunk_hec:
  # Address and port the Splunk HEC receiver should bind to
  endpoint: localhost:8088
  # Whether to preserve incoming access token
  access_token_passthrough: true
  # Path accepting raw HEC events (logs only)
  raw_path: "/foo"
  # Path reporting health checks
  health_path: "/bar"
  # Define field mappings
  hec_metadata_to_otel_attrs:
    source: "file.name"
    sourcetype: "foobar"
    index: "myindex"
    host: "myhostfield"
  # Optional TLS settings
  tls:
    # Both cert_file and
    # key_file are required
    # for TLS connections
    cert_file: /test.crt
    key_file: /test.key

Authorize HTTP requests 🔗

To allow the receiver to work with client extensions, add the following in the Collector service and pipeline configuration:

For advanced users, you can implement your own authentication extension to fulfill your requirements using the open-telemetry auth Go package and Configure TLS.

Settings 🔗

The following table shows the configuration options for the Splunk HEC receiver:

Troubleshooting 🔗

If you are a Splunk Observability Cloud customer and are not able to see your data in Splunk Observability Cloud, you can get help in the following ways.

Available to Splunk Observability Cloud customers

Available to prospective customers and free trial users

  • Ask a question and get answers through community support at Splunk Answers .

  • Join the Splunk #observability user group Slack channel to communicate with customers, partners, and Splunk employees worldwide. To join, see Chat groups in the Get Started with Splunk Community manual.

This page was last updated on Sep 18, 2024.