# Configure the HEC collector commands

The Anvilogic App for Splunk contains a custom Splunk command that uses the HTTP Event Collector (HEC) to send results from threat identifiers into the events of interest index. This command is critical to the frameworks ability to store events for advanced correlation, and manages auditing on all objects.

More information on the HEC and how to set it up can be found in [Configure HTTP Event Collector on Splunk Enterprise](https://docs.splunk.com/Documentation/Splunk/8.0.2/Data/UsetheHTTPEventCollector#Configure_HTTP_Event_Collector_on_Splunk_Enterprise) in the Splunk Enterprise *Getting Data In* manual.

Perform the following steps to create inputs on a single search head. Some steps may vary if you are managing a search head cluster.

1. In Splunk Web, select **Settings > Data inputs**.
2. Select **HTTP Event Collector > New Token**.
3. Fill in relevant information:
   * Specify a name of **avl\_hec\_token**.
   * Leave the Source Name Override blank.
   * Enter **HEC Input for Anvilogic Detection Framework** as the description.
   * Leave the Output Group as none.
   * Leave the **Enable indexer acknowledgement** box unchecked.
4. Click **Next** to configure the input settings:
   * Source type = Automatic
   * App Context = Anvilogic (anvilogic)
   * index = anvilogic AND index = anvilogic\_metrics
   * Default Index = anvilogic
5. Click **Review**, then click **Submit**.
6. Copy the token value.

Perform the following steps to update the global settings and enable the tokens:

1. In Splunk Web, select **Settings > Data inputs**.
2. Select **HTTP Event Collector > Global Settings**.
3. Ensure the following settings are enabled:
   * All Tokens: Enabled
   * Enable SSL - Check
   * HTTP Port Number = Default is 8088

## Next step

[connect-to-the-anvilogic-platform](https://public-docs.anvilogic.com/get-started/onboarding-guide/select-your-data-repository-and-get-data-in/integrate-splunk-as-your-data-repository/connect-to-the-anvilogic-platform "mention").