Monad

Splunk HEC Input

Accepts POSTed data directly to the Monad Splunk HEC endpoints.

Details

The Splunk HEC input implements the Splunk HEC endpoints. By creating a Splunk HEC Input, users can publish any data they wish to a pipeline without needing to have a specifically implemented input to support that data.

Prerequisites

There are no Prerequisites to start using the Splunk HEC input. Simply create a Splunk HEC Input and attach it to a pipeline.

Sending data

Sending data to a Splunk HEC input requires sending a POST request to the Monad API with a Splunk Authentication header.

The body of the request requires that records be put in the event key in an array of json objects for each record.

Note: When including multiple records, the format is line delimited JSON object

Authentication

All requests to the Splunk HEC endpoints require a Splunk authentication header to be set.

Code
Authorization: Splunk <pipeline-uuid>

Single record

POST /services/collector or POST /services/collector/event

The json object in event will be sent to the pipeline directly. All other fields supported by the Splunk HEC standard will be ignored.

Code
{
  "event": {}
}

POST /service/collector/raw

Monad requires that all records are in JSON format which requires the raw endpoint to require each event to be a json object

Code
{}

Multiple Records

POST /services/collector or POST /services/collector/event

Code
{
  "event": {}
}
{
  "event": {}
}
{
  "event": {}
}

POST /service/collector/raw

Code
{}
{}
{}

Configuration

The following configuration defines the input parameters. Each field's specifications, such as type, requirements, and descriptions, are detailed below.

Settings

None.

Secrets

None.

API

To send a POST request to create this Monad HTTP Connector:

Code
curl -X 'POST' \
  '{base_url}/api/v2/{org_id}/inputs' \
  -H 'accept: application/json' \
  -H 'Authorization: Bearer {token}' \
  -H 'Content-Type: application/json' \
  -d '{
  "config": {
    "secrets": {},
    "settings": {}
  },
  "description": "input_description",
  "name": "input_name",
  "type": "monad-splunk-hec"
}'

Python Example

Code
import requests
import json

url = '{base_url}/services/collector'
headers = {
    'accept': 'application/json',
    'Content-Type': 'application/json',
    'Authorization': Splunk my_pipeline_id,
}
data = {
    'event': 
        {
            'dummy-key': 'dummy-data'
        }
}

response = requests.post(url, headers=headers, json=data)
print(json.dumps(response.json(), indent=2))

Last modified on May 19, 2026

Prometheus Remote Write Syslog

Monad

Splunk HEC Input

Accepts POSTed data directly to the Monad Splunk HEC endpoints.

Details

Prerequisites

There are no Prerequisites to start using the Splunk HEC input. Simply create a Splunk HEC Input and attach it to a pipeline.

Sending data

Sending data to a Splunk HEC input requires sending a POST request to the Monad API with a Splunk Authentication header.

The body of the request requires that records be put in the event key in an array of json objects for each record.

Note: When including multiple records, the format is line delimited JSON object

Authentication

All requests to the Splunk HEC endpoints require a Splunk authentication header to be set.

Code
Authorization: Splunk <pipeline-uuid>

Single record

POST /services/collector or POST /services/collector/event

The json object in event will be sent to the pipeline directly. All other fields supported by the Splunk HEC standard will be ignored.

Code
{
  "event": {}
}

POST /service/collector/raw

Monad requires that all records are in JSON format which requires the raw endpoint to require each event to be a json object

Code
{}

Multiple Records

POST /services/collector or POST /services/collector/event

Code
{
  "event": {}
}
{
  "event": {}
}
{
  "event": {}
}

POST /service/collector/raw

Code
{}
{}
{}

Configuration

The following configuration defines the input parameters. Each field's specifications, such as type, requirements, and descriptions, are detailed below.

Settings

None.

Secrets

None.

API

To send a POST request to create this Monad HTTP Connector:

Code
curl -X 'POST' \
  '{base_url}/api/v2/{org_id}/inputs' \
  -H 'accept: application/json' \
  -H 'Authorization: Bearer {token}' \
  -H 'Content-Type: application/json' \
  -d '{
  "config": {
    "secrets": {},
    "settings": {}
  },
  "description": "input_description",
  "name": "input_name",
  "type": "monad-splunk-hec"
}'

Python Example

Code
import requests
import json

url = '{base_url}/services/collector'
headers = {
    'accept': 'application/json',
    'Content-Type': 'application/json',
    'Authorization': Splunk my_pipeline_id,
}
data = {
    'event': 
        {
            'dummy-key': 'dummy-data'
        }
}

response = requests.post(url, headers=headers, json=data)
print(json.dumps(response.json(), indent=2))

Last modified on May 19, 2026

Prometheus Remote Write Syslog