Guys, I have Splunk Cloud. I created an HTTP Event Collector, and in Prisma I gave the URL /service/collector,
but logs are not showing up in Splunk. My questions: should I add the port number after my HTTP URL?
After the URL, is it /service/collector or /service/collector/events?
What should I check? When I tested, my Prisma said the test passed.
Hi @XOR
You shouldn't need to add the port in the Prisma config, as Splunk Cloud uses the default HTTPS port for HEC receiving. I assume the URL you used starts with https://?
As far as I know there is no option to add an index in the Prisma configuration, therefore the data will go into the default index you selected when you created the HEC token. Are you able to confirm that this is the index that you are checking in?
Regarding the service/collector or /service/collector/events, you should be able to use the first, or "/services/collector/event" - note no "S" on the end. Prisma Cloud sends HEC events so this is the correct endpoint to use.
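An added example (not part of either post, and not Splunk or Prisma Cloud code): a Python check for the URL mistakes discussed in this thread, to run before pasting a HEC URL into an integration. The `hec.example.invalid` host is a constructed placeholder, and the function names are hypothetical.

```python
from urllib.parse import urlsplit

# Paths named in the answer above as valid for HEC events.
EVENT_PATHS = {"/services/collector", "/services/collector/event"}


def check_hec_url(url):
    """Return a list of problems with a HEC URL; an empty list means it passes."""
    problems = []
    parts = urlsplit(url.strip())
    if parts.scheme != "https":
        problems.append("scheme is %r, expected https" % parts.scheme)
    if not parts.hostname:
        problems.append("no host name in URL")
    path = parts.path.rstrip("/")
    if path not in EVENT_PATHS:
        path_problems = []
        if path.startswith("/service/"):
            path_problems.append("path starts with /service/, the endpoint is under /services/")
        if path.endswith("/collector/events"):
            path_problems.append("path ends in /events, the endpoint is /event (no trailing s)")
        if not path_problems:
            path_problems.append("path %r is not a HEC event endpoint" % path)
        problems.extend(path_problems)
    return problems


def effective_port(url):
    """Port the client will connect to: the explicit one, else 443 for https."""
    parts = urlsplit(url.strip())
    return parts.port if parts.port is not None else 443


if __name__ == "__main__":
    # Constructed sample URLs; only the paths mirror the ones in this thread.
    samples = [
        "https://hec.example.invalid/service/collector",
        "https://hec.example.invalid/service/collector/events",
        "https://hec.example.invalid/httpcollector",
        "https://hec.example.invalid:8088/services/collector/event",
        "https://hec.example.invalid/services/collector",
    ]
    for url in samples:
        issues = check_hec_url(url)
        print(url, "-> port", effective_port(url), "->", issues or "OK")
```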
I tried this curl command and got this output:
curl -k https://<splunkcloudlink>:8088/services/collector/event -H "Authorization: Splunk <hec token>" -d "{\"event\": \"hello from the other side\"}"
Output:
{"text":"Success","code":0}
What should I see next?
One more question: I should go to HEC and copy-paste that link, right? Can you please give me an example of how that HEC link should look?
E.g. my link looks like this: https://splunkcloudname.com/httpcollector