> For the complete documentation index, see [llms.txt](https://public-docs.anvilogic.com/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://public-docs.anvilogic.com/get-started/onboarding-guide/select-your-data-repository-and-get-data-in/integrate-splunk-as-your-data-repository/configure-the-hec-collector-commands.md). # Configure the HEC collector commands The Anvilogic App for Splunk contains a custom Splunk command that uses the HTTP Event Collector (HEC) to send results from threat identifiers into the events of interest index. This command is critical to the frameworks ability to store events for advanced correlation, and manages auditing on all objects. More information on the HEC and how to set it up can be found in [Configure HTTP Event Collector on Splunk Enterprise](https://docs.splunk.com/Documentation/Splunk/8.0.2/Data/UsetheHTTPEventCollector#Configure_HTTP_Event_Collector_on_Splunk_Enterprise) in the Splunk Enterprise *Getting Data In* manual. Perform the following steps to create inputs on a single search head. Some steps may vary if you are managing a search head cluster. 1. In Splunk Web, select **Settings > Data inputs**. 2. Select **HTTP Event Collector > New Token**. 3. Fill in relevant information: * Specify a name of **avl\_hec\_token**. * Leave the Source Name Override blank. * Enter **HEC Input for Anvilogic Detection Framework** as the description. * Leave the Output Group as none. * Leave the **Enable indexer acknowledgement** box unchecked. 4. Click **Next** to configure the input settings: * Source type = Automatic * App Context = Anvilogic (anvilogic) * index = anvilogic AND index = anvilogic\_metrics * Default Index = anvilogic 5. Click **Review**, then click **Submit**. 6. Copy the token value. Perform the following steps to update the global settings and enable the tokens: 1. In Splunk Web, select **Settings > Data inputs**. 2. Select **HTTP Event Collector > Global Settings**. 3. Ensure the following settings are enabled: * All Tokens: Enabled * Enable SSL - Check * HTTP Port Number = Default is 8088 ## Next step [Connect to the Anvilogic platform](/get-started/onboarding-guide/select-your-data-repository-and-get-data-in/integrate-splunk-as-your-data-repository/connect-to-the-anvilogic-platform.md). --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter: ``` GET https://public-docs.anvilogic.com/get-started/onboarding-guide/select-your-data-repository-and-get-data-in/integrate-splunk-as-your-data-repository/configure-the-hec-collector-commands.md?ask=&goal= ``` `ask` is the immediate question: it should be specific, self-contained, and written in natural language. `goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.