Recreate HEC token on server

spammenot66 · ‎06-08-2018

My sandbox splunk instance crashed and I am not able to restore the data. I need to restore my Splunk HEC tokens and settings. Whenever I try to create a new HEC token, Splunk generates a random HEC token id. How do i create a new HEC token with a predefined token id of my choice?

Is it possible to do this through a curl command? If so can you provide instructions or example?

jtacy · ‎06-11-2018

I'm not aware of a way to programmatically create tokens with a specific value but Splunk explains the configuration format at http://docs.splunk.com/Documentation/Splunk/7.1.1/Data/UseHECusingconffiles and editing the config file manually should work fine. I would probably create the tokens in the GUI, then locate the appropriate inputs.conf on the file system (probably $SPLUNK_HOME/etc/apps/launcher/local/inputs.conf) and edit the values there. Restarting Splunk will make the changes take effect. Good luck!

Recreate HEC token on server

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

Design, Compete, Win: Submit Your Best Splunk Dashboards for a .conf26 Pass

May 2026 Splunk Expert Sessions: Security & Observability

Join the Conversation

Recreate HEC token on server

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

Design, Compete, Win: Submit Your Best Splunk Dashboards for a .conf26 Pass

May 2026 Splunk Expert Sessions: Security & Observability