Splunk HEC Setup
Integration to send P0 audit logs to a Splunk instance.
Last updated
This topic describes how to set up P0's integration for the Splunk HEC (HTTP Event Collector) exporter. It contains the following sections:
Existing P0 account at
Splunk Instance Admin Role
Public-facing Splunk instance with HEC endpoint secured by an SSL certificate.
The SSL certificate must be signed by a trusted Certificate Authority (CA) to ensure secure communication. Self-signed certificates are not allowed by P0 Security.
Splunk HEC Token
Navigate to "Integrations" on , then select "Splunk" under the "Security Information & Event Managers" section. Choose the "HTTP Event Collector" component:
Click on "Add Token" to install.
Enter a unique custom identifier for the token and click "Next":
HTTPS endpoint with a valid SSL certificate. The instance port number required to form the URL can be found in the "Global Settings" within the HEC Settings page.
Tokens are 32-character GUIDs that let logging agents and HTTP clients connect to the HEC input.
Enter the desired configuration and click "Finish" to complete the installation. See the for information about the settings.
Congratulations! You are now set up with Splunk audit logs integration.
Refer to the official Splunk documentation for detailed instructions: .
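A pre-flight check for the endpoint, certificate and token requirements described above, written as an added example that is not part of P0's or Splunk's own code. The function names, the host `splunk.example.com`, the port and the token value are constructed for illustration; the URL-shape check goes slightly beyond what the page states.

```python
import re
import socket
import ssl
from urllib.parse import urlsplit

# 32 hex digits, conventionally written in 8-4-4-4-12 GUID form.
TOKEN_RE = re.compile(r"[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}")


def check_endpoint(url):
    """Return a list of problems with the HEC URL; an empty list means OK."""
    problems = []
    try:
        parts = urlsplit(url)
        port = parts.port  # raises ValueError on a non-numeric port
    except ValueError:
        return ["URL or port is malformed"]
    if parts.scheme != "https":
        problems.append("scheme must be https")
    if not parts.hostname:
        problems.append("missing hostname")
    if port is None:
        problems.append("no explicit port (see HEC Global Settings)")
    return problems


def check_token(token):
    """True only if the whole string has the GUID shape (no stray whitespace)."""
    return TOKEN_RE.fullmatch(token) is not None


def check_certificate(host, port, timeout=5.0):
    """TLS handshake against the system trust store; needs network access."""
    ctx = ssl.create_default_context()  # verifies CA chain and hostname
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                return True, tls.version()
    except ssl.SSLCertVerificationError as exc:
        # Self-signed, expired or hostname-mismatched certificates land here.
        return False, exc.verify_message
    except OSError as exc:
        return False, str(exc)


if __name__ == "__main__":
    # Constructed sample values, not a real instance or token.
    print(check_endpoint("https://splunk.example.com:8088"),
          check_token("12345678-90ab-cdef-1234-567890abcdef"))
```

Run `check_certificate(host, port)` from a machine outside your network so the result reflects what a public client sees.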