ActionSplunkUpdated May 2026
How do I send an event to Splunk?
Short answer: Drop the "Splunk → Splunk Send Event (HEC)" action anywhere in your workflow, map the inputs from upstream nodes, and publish.
Inputs
The fields this action accepts.
Every field can be mapped from an upstream trigger, AI step, table row, or hard-coded literal.
| Field | Type | Required | Description |
|---|---|---|---|
Event Data event | json | Required | Event Data. (JSON object). e.g. "{ "message": "User logged in", "user": "john" }" |
Source source | string | Optional | Source. e.g. "my-app" |
Source Type sourcetype | string | Optional | Source Type. e.g. "_json" |
Index index | string | Optional | Index. e.g. "main" |
Sample request
{"event": "{ \"message\": \"User logged in\", \"user\": \"john\" }","source": "my-app","sourcetype": "_json","index": "main"}
Returns
{"code": 0,"text": "Success"}
Use these fields in downstream nodes for routing, logging, or error handling.
Triggered by
Apps that pair well as the trigger for Splunk Send Event (HEC).
Any of these apps can fire this action as part of a workflow.
FAQ
Questions about Splunk Send Event (HEC).
What does the Splunk Send Event (HEC) action do in Splunk?
Pushes an event into Splunk via HTTP Event Collector with source, sourcetype, index, host, time. The standard hook for application-event ingestion into SIEM/observability workflows.
What inputs does Splunk Send Event (HEC) require?
Required: Event Data. Every input accepts a static value or a variable from any upstream node in your workflow.
Can I use dynamic inputs from earlier workflow nodes?
Yes. Any field on this action can pull values from upstream nodes, whether that's a form response, a trigger payload, an AI output, or a lookup result.
What happens if Splunk returns an error?
The workflow pauses on the failed node, the error message is captured in the run log, and you can retry the run with one click. Auto-retry policies are configurable per workflow with exponential backoff up to 5 attempts.
Does Splunk Send Event (HEC) support batch operations?
Yes. Run Splunk Send Event (HEC) inside a Loop node to process arrays. Tiny Command handles Splunk's rate limits automatically so you don't have to throttle manually.
Send splunk send event (hec) from your workflows.
Triggered by anything in the catalog. Free tier available. No credit card.
