Getting Data In

Routing received data TO an external HEC via HTTPS?


Is it possible to route a stream of data from a heavy forwarder or indexer TO an external non-Splunk HTTPS endpoint (HEC)? We have the requirement to forward off a subset of data to a third-party that has a HEC-equivalent endpoint, but need to do so securely (and be selective about what we send)

Any help greatly appreciated!

0 Karma

Path Finder

Hi Beaker77,

Kindly check the below link, it will help you for the same.

0 Karma


Hi @abhijeet01 - Thanks for that. Unfortunately this covers only a raw TCP stream or forwarding to a Syslog server, and is restricted to a server:port target as opposed to a HTTPS or REST-based endpoint.

Also, because the endpoint is not Splunk, sendCookedData must be set to false, and (as far as I am aware) this will result in the data being sent in cleartext which is not an option (at minimum we require HTTPS/TLS1.2)

0 Karma
Don’t Miss Global Splunk
User Groups Week!

Free LIVE events worldwide 2/8-2/12
Connect, learn, and collect rad prizes
and swag!