These docs are specific to a Splunk Cloud (self-service) instance. For more details on the HEC endpoint, see the official docs.
- In your Splunk instance, navigate to Settings -> Data Inputs -> HTTP Event Collector
- Create a new token; enter a name ("sentry") and select an index ("main")
- Under Global Settings, Enable the HEC endpoint noting the port (8088), and SSL requirement (true)
- In Sentry, enable the Splunk plugin, and paste the newly acquired token.
- For the endpoint, use https://input-[splunk-instance].cloud.splunk.com:8088
- Ensure that enable indexer acknowledgement is not checked.