Splunk HTTP Event Collector (HEC) Forwarder
Apica supports forwarding data to Splunk HEC (HTTP Event Collector) indexes using the HEC Forwarder integration. You can configure forwarders for both:
Metric Index (for time-series metric ingestion)
Non-Metric Index (for log and JSON event ingestion)
🛠️ Setup Steps (Common for All HEC Forwarders)
To configure a Splunk HEC Forwarder in Apica:
Go to the Integrations menu.
Navigate to the Forwarders tab.
Click Add Forwarder.
Choose Splunk HTTP Event Collector (HEC).
Fill in the following fields:
Host
URL or domain of the Splunk HEC endpoint (e.g., https://splunk.company.com
)
Port
HEC port (8088
by default)
User
Splunk username (typically admin
)
Password
The Splunk HEC token (not actual user password)
Type
Choose _metric
or _json
depending on the index type
🔐 Creating a Splunk HEC Token in Splunk
To retrieve the HEC token from Splunk:
In Splunk, go to Settings → Data → Data Inputs.
Select HTTP Event Collector.
Click Add new token, set permissions and source types.
Copy the generated HEC token — use this as the Password in the Apica's forwarder setup.
For more details please refer the official Splunk documentation.
Additional Notes
Both forwarder types support sending data to external Splunk HEC endpoints.
For non-TLS connections, use
http://
in the Host URL.If you observe data loss or ingestion issues, validate the HEC token permissions and Splunk ingest capacity.
Last updated
Was this helpful?