Skip to main content

HTTP Event Collector (HEC)

Splunk-compatible HEC

The Splunk-compatible HTTP Event Collector lets you send data and application events to a SIEM deployment over the HTTP and Secure HTTP (HTTPS) protocols. HEC uses a token-based authentication model.

You can generate a token and then configure a logging library or HTTP client with that token to send data to an HEC in a specific format. This process eliminates the need for a custom forwarder when you send application events.

Fluency supports Splunk's HEC specifications, allowing applications which already support Splunk data export to effortlessly and securely send data to Fluency.

Adding a Fluency plug-in for HEC (HTTP Event Collector)

Login to the Fluency Cloud portal: https://(companyname).cloud.fluencysecurity.com.

Open the Main Menu from the upper left-hand corner and choose the Cloud Integrations option under the Data Ingress section.

On the following page, navigate to the Event Collectors section.

To Add an integration for HEC, choose the HEC icon from the group on the left side of the page to create a new integration endpoint.

NOTE: If an integration endpoint was setup previously, you can also select and modify it from the
    section on the right side of the page.

In the pop-up window, provide a Customer name for this integration. Normally, this will just be the name of your deployment or organization. This value will be used solely within Fluency.

Provide a short Application (shortname). The value should describe the product/software or data source that is being integrated. This field will be used for ingress, and therfore, will become part of the data JSON record. Normally, it is suggested to use the product name, written using all lowercase letters, and without spaces.

Select the HEC integration endpoint from the list on the right side of the page, in the Event Collectors section. Choose the gear icon to view/configure the connector.

On the following page, Token and Webhook URL are displayed:

Keep these values to use for configuring the HEC in your originating application.

Interface Demo

Page last updated: 2023 Oct 26