Setup Splunk
Configure Splunk HTTP Event Collector (HEC) to receive logs from logcannon.com
Prerequisites
- A Splunk instance with HEC enabled
- An HEC token with write permissions
- An index created in Splunk (or use an existing one)
Step 1: Enable HEC in Splunk
- Log into your Splunk instance
- Navigate to Settings → Data Inputs → HTTP Event Collector
- Click New Token to create a new HEC token
- Configure the token:
  - Set a name (e.g., "logcannon")
  - Select the index where logs should be stored
  - Set the source type (e.g., "WinEventLog:XML")
  - Enable the token
- Copy the token value - you'll need it for logcannon.com configuration
Step 2: Configure in logcannon.com
In the logcannon.com interface, provide the following information:
Splunk Web UI URL
The URL you use to access Splunk's web interface, including the port (typically 8000).
https://splunk.example.com:8000
HEC Address (Optional)
If your HEC endpoint uses a different address than the web UI, enable "Use separate HEC address" and provide the HEC URL. Otherwise, logcannon.com will automatically use port 8088 on the same hostname.
https://hec.example.com:8088
HEC Token
Paste the HEC token you created in Step 1. This token is encrypted and stored securely.
Index
The Splunk index where logs should be stored. This should match the index configured in your HEC token.
SSL Verification
Enable SSL certificate verification for secure connections. Disable only if using self-signed certificates in development environments.
Step 3: Test Connection
Use the "Test Connection" button in logcannon.com to verify your configuration. This will send a test event to your Splunk instance to ensure everything is working correctly.
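To run the same check by hand, the following added example (not logcannon.com's own code) derives the HEC endpoint the way Step 2 describes, builds a test event for Splunk's /services/collector/event endpoint, and sends it with certificate verification left on. The function names, the test message and the ca_file option for trusting a private CA are assumptions made for this example.

```python
import json
import ssl
import urllib.error
import urllib.request
from urllib.parse import urlsplit

def derive_hec_url(web_ui_url, hec_address=None):
    """Separate HEC address if given, otherwise port 8088 on the web UI hostname."""
    base = urlsplit(hec_address or web_ui_url)
    if base.scheme != "https" or not base.hostname:
        raise ValueError("the HEC token must only be sent to an https URL")
    if hec_address:
        netloc = base.netloc  # keep the address exactly as configured
    else:
        host = f"[{base.hostname}]" if ":" in base.hostname else base.hostname
        netloc = f"{host}:8088"
    return f"https://{netloc}/services/collector/event"

def build_test_request(hec_url, token, index, sourcetype="WinEventLog:XML"):
    """POST request carrying one test event; HEC expects 'Authorization: Splunk <token>'."""
    body = {"event": {"message": "HEC connectivity test"},  # constructed test message
            "index": index, "sourcetype": sourcetype}
    return urllib.request.Request(
        hec_url, data=json.dumps(body).encode(), method="POST",
        headers={"Authorization": f"Splunk {token}",
                 "Content-Type": "application/json"})

def interpret_reply(raw):
    """HEC answers with JSON such as {"text": "Success", "code": 0}; code 0 means accepted."""
    try:
        reply = json.loads(raw)
    except ValueError:
        return False, "non-JSON reply (is this really the HEC port?)"
    return reply.get("code") == 0, reply.get("text", "")

def send_test_event(req, ca_file=None, timeout=10):
    """Send with TLS verification on; pass ca_file to trust a private or self-signed CA."""
    ctx = ssl.create_default_context(cafile=ca_file)
    try:
        with urllib.request.urlopen(req, context=ctx, timeout=timeout) as resp:
            return interpret_reply(resp.read())
    except urllib.error.HTTPError as err:  # e.g. 403 for a bad or disabled token
        return interpret_reply(err.read())

if __name__ == "__main__":
    print(derive_hec_url("https://splunk.example.com:8000"))
```

A rejected token or an index the token is not allowed to write to comes back as a non-zero code with an explanatory text, which separates a credential problem from a network or certificate problem.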
Format