Edge Processors support the HTTP Event Collector (HEC). HEC is a mechanism that allows HTTP clients and logging agents to send data to the Splunk platform over HTTP or HTTPS. You can use HEC to send data programmatically and without requiring forwarders. If you already use HEC to ingest data in the Splunk platform, you can update your data ingestion workflow to use the Edge Processor solution. Send events from your HTTP clients and logging applications to an Edge Processor so that you can process your data before sending it to Splunk Enterprise, Splunk Cloud Platform, or other supported data destinations.

Edge Processors support the services/collector and services/collector/raw endpoints only. For more information about these HEC endpoints, see Usage information and examples for supported HEC endpoints in this topic and Input endpoint descriptions in the Splunk Enterprise REST API Reference Manual.

To get data from an HTTP client or logging agent into an Edge Processor using HEC, you must do the following:

1. Configure your Edge Processor to be able to receive data through HEC. See Activate the HEC receiver on your Edge Processor.
2. (Optional) Configure HEC token authentication in your Edge Processor to secure your HEC receiver. See Configure HEC token authentication in the Edge Processor service.
3. Configure your HTTP client or logging agent to send data to your Edge Processor by making HTTP POST requests to one of the supported HEC endpoints. See Send data to an Edge Processor using HEC.