Dashboards & Visualizations

Recreate HEC token on server


My sandbox splunk instance crashed and I am not able to restore the data. I need to restore my Splunk HEC tokens and settings. Whenever I try to create a new HEC token, Splunk generates a random HEC token id. How do i create a new HEC token with a predefined token id of my choice?

Is it possible to do this through a curl command? If so can you provide instructions or example?

0 Karma


I'm not aware of a way to programmatically create tokens with a specific value but Splunk explains the configuration format at http://docs.splunk.com/Documentation/Splunk/7.1.1/Data/UseHECusingconffiles and editing the config file manually should work fine. I would probably create the tokens in the GUI, then locate the appropriate inputs.conf on the file system (probably $SPLUNK_HOME/etc/apps/launcher/local/inputs.conf) and edit the values there. Restarting Splunk will make the changes take effect. Good luck!

0 Karma
Get Updates on the Splunk Community!

Adoption of RUM and APM at Splunk

    Unleash the power of Splunk Observability   Watch Now In this can't miss Tech Talk! The Splunk Growth ...

Routing logs with Splunk OTel Collector for Kubernetes

The Splunk Distribution of the OpenTelemetry (OTel) Collector is a product that provides a way to ingest ...

Welcome to the Splunk Community!

(view in My Videos) We're so glad you're here! The Splunk Community is place to connect, learn, give back, and ...