The HTTP Event Collector (HEC) is a secure, token-based system that allows sending logs, events, and other relevant data without requiring additional software installation or login credentials. It simplifies integration, eliminates the need for agents, supports structured data, such as JSON, and enables users to monitor, analyze, and respond to issues more quickly.
You can integrate your data forwarding platforms, such as Splunk, with Traceable using the HTTP Event Collector. Traceable automatically streams real-time data to the external platform, supporting seamless monitoring, analysis, and alerting. This enables you to send and collect data quickly and safely from anywhere, providing real-time visibility and actionable insights.
Note
HEC is available for Splunk integration only.
HEC is available across all environments.
Before you begin
Make a note of the following before proceeding with the integration:
Make sure you have the HTTP Event Collector URL. For more information, see HTTP Event Collector URL.
Make sure you have the API token. For more information, see API Token generation from your Splunk account.
Set up the integration
The HTTP Event Collector integration is configured to receive data over HTTP or HTTPS. You can set up this integration to allow Traceable to send security and observability events directly to Splunk for real-time threat detection. To set up the integration, complete the following steps:
Step 1 — Add New HTTP Event Collector Integration
To set up the HEC integration, log in to your Traceable account, navigate to Integrations ( 
), and do one of the following:
Under All Integrations, search for HTTP Event Collector in the search bar.
Under All Integrations, navigate to SIEM/SOAR → HTTP Event Collector.
HEC Integration Set up
On the HTTP Event Collector widget, click Configure, and in the Add New HTTP Event Collector Integration window, complete the following steps:
Specify the Integration Name, for example, Splunk_HEC.
(Optional) Specify the Description, for example, HEC Integration.
Select Splunk(HEC) from the SIEM platform drop-down.
Specify the URL of the HTTP Event Collector.
Specify the HTTP Event Collector API Token.
Note
It is mandatory to provide a token while configuring a this integration in Traceable.
Click Test Connection. Traceable validates the URL and the API Token. Once the validation succeeds, click Save.
Step 2 — Create a notification channel
You must create a notification channel to receive notifications when an event is triggered. To create a channel, log in to your Traceable account, navigate to Settings (
) → Notifications → Create Channel, and complete the following steps:
Create Channel
Specify a name for the channel, for example, HEC_Channel.
Enable the HTTP Event Collector Webhook toggle.
Once you have enabled the toggle, click Save.
Step 3 — Set up the notification rule
Traceable sends a notification through the channel when an event matches the selected category and type. It allows you to be notified if any rule you create triggers an event. To set up the notification, log in to your Traceable account, navigate to Settings () → Notifications → Create Notification, and complete the following steps:
Create Notification
Specify a Name for your notification, for example, HEC_notif.
Select Who should receive this notification from the drop-down, for example, Channel Based, according to your requirements.
Select the Channel that you created in Step 2 above, from the drop-down, for example, HEC_Channel.
Select the Category from the drop-down according to your requirements.
Select the Threat Types according to your requirements.
Select All Environments under Environments.
Click Save.
After you configure the integration, Traceable monitors your application traffic and detects security events. When it identifies a threat, it generates a notification and sends the event data to Splunk via the HTTP Event Collector (HEC). Splunk ingests the data that you can use for monitoring.