Splunk Integration

Integrate TrapEye with Splunk using the HTTP Event Collector (HEC) to forward threats and interactions in real time.


  1. Go to Settings → Data Inputs inside Splunk.

  2. Click Add new in the HTTP Event Collector card.

  3. Choose a Name for the token and click Next.

  4. In Source type, select:

    _json

    Then click Review.

  5. Review the configuration and click Submit.

  6. Copy the generated Token value — you will need it for TrapEye.

Your Splunk HEC endpoint follows this format:

https://<host>.splunkcloud.com:8088/services/collector

Example

If your tenant URL is:

https://prd-p-tsr58.splunkcloud.com/

Then your HEC endpoint is:

https://prd-p-tsr58.splunkcloud.com:8088/services/collector

  1. Log in to the TrapEye Platform.

  2. Navigate to the Connectors section.

  3. Choose JSON over HTTP.

  4. Fill in Endpoint URL (your HEC collector URL) and Token (copied from Splunk).

  5. If your Splunk instance uses a self-signed certificate, uncheck:

    Verify TLS Certificate

  6. Click Save Changes.

  1. Once your connector is enabled, click Test Connection.
    If everything is correct, TrapEye will display:

    “Test event sent successfully.”

  2. In Splunk, verify that events are received using:

    index=* event="new_threat"

    You should now see TrapEye events arriving.

  3. If you enabled the Forward Interactions option in TrapEye, you will also see an interaction event with this search:

    index=* event="new_interaction"

TrapEye is now successfully connected to Splunk via HTTP Event Collector.

You should begin receiving real-time threat and interaction events in your Splunk environment.
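
To check the HEC endpoint and token independently of TrapEye's Test Connection button, the following added example (not TrapEye's or Splunk's own code) derives the endpoint from the tenant URL in the format shown above and posts one test event. It keeps certificate verification on and trusts a self-signed certificate by its PEM file. The environment variable names and the `hec_connectivity_check` event are assumptions made for this example.

```python
import json
import os
import ssl
import urllib.request
from urllib.parse import urlsplit


def hec_endpoint(tenant_url):
    """Derive https://<host>:8088/services/collector from a tenant URL."""
    if "://" not in tenant_url:
        tenant_url = "https://" + tenant_url
    parts = urlsplit(tenant_url)
    if parts.scheme != "https" or not parts.hostname:
        raise ValueError("expected an https:// tenant URL with a host")
    return f"https://{parts.hostname}:8088/services/collector"


def build_request(endpoint, token, event):
    """HEC expects 'Authorization: Splunk <token>' and a JSON envelope."""
    body = json.dumps({"sourcetype": "_json", "event": event}).encode()
    headers = {"Authorization": f"Splunk {token}",
               "Content-Type": "application/json"}
    return urllib.request.Request(endpoint, data=body, headers=headers,
                                  method="POST")


def tls_context(ca_file=None):
    """Verification stays on. For a self-signed Splunk certificate, pass its
    PEM file as ca_file so only that certificate is trusted."""
    return ssl.create_default_context(cafile=ca_file)


def send(request, ca_file=None, timeout=10):
    """POST the event; HEC answers {"text": "Success", "code": 0} on success."""
    with urllib.request.urlopen(request, timeout=timeout,
                                context=tls_context(ca_file)) as resp:
        return json.loads(resp.read())


if __name__ == "__main__":
    # Assumed environment variables, chosen for this example.
    endpoint = hec_endpoint(os.environ["SPLUNK_TENANT_URL"])
    # Constructed test event; the name is not a TrapEye event type.
    event = {"event": "hec_connectivity_check", "sender": "manual"}
    req = build_request(endpoint, os.environ["SPLUNK_HEC_TOKEN"], event)
    print(endpoint, send(req, os.environ.get("SPLUNK_CA_FILE")))
```

After a successful run, the test event can be found in Splunk with the same kind of search used above, here `index=* event="hec_connectivity_check"`.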