Splunk SPLK-1005 Exam - Topic 9 Question 26 Discussion

Actual exam question for Splunk's SPLK-1005 exam

Question #: 26
Topic #: 9

How are HTTP Event Collector (HEC) tokens configured in a managed Splunk Cloud environment?

AAny token will be accepted by HEC, the data may just end up in the wrong index.

BA token is generated when configuring a HEC input, which should be provided to the application developers.

CObtain a token from the organization's application developers and apply it in Settings > Data Inputs > HTTP Event Collector > New Token.

DOpen a support case for each new data input and a token will be provided.

Show Suggested Answer

Suggested Answer: B

In a managed Splunk Cloud environment, HTTP Event Collector (HEC) tokens are configured by an administrator through the Splunk Web interface. When setting up a new HEC input, a unique token is automatically generated. This token is then provided to application developers, who will use it to authenticate and send data to Splunk via the HEC endpoint.

This token ensures that the data is correctly ingested and associated with the appropriate inputs and indexes. Unlike the other options, which either involve external tokens or support cases, option B reflects the standard procedure for configuring HEC tokens in Splunk Cloud, where control over tokens remains within the Splunk environment itself.

Splunk Cloud Reference: Splunk's documentation on HEC inputs provides detailed steps on creating and managing tokens within Splunk Cloud. This includes the process of generating tokens, configuring data inputs, and distributing these tokens to application developers.

Source:

Splunk Docs: HTTP Event Collector in Splunk Cloud Platform

Splunk Docs: Create and manage HEC tokens

by Casie at Mar 04, 2026, 10:37 AM

Limited Time Offer

25%

2 months ago

I think I remember that a token is generated when setting up HEC, but I'm not sure if it's just for developers or if we need to do something else with it.

upvoted 0 times

...