Splunk Core Certified Consultant — Question 11
How are HTTP Event Collector (HEC) tokens configured in a managed Splunk Cloud environment?
Answer options
- A. Any token will be accepted by HEC, the data may just end up in the wrong index.
- B. A token is generated when configuring a HEC input, which should be provided to the application developers.
- C. Obtain a token from the organization’s application developers and apply it in Settings > Data Inputs > HTTP Event Collector > New Token.
- D. Open a support case for each new data input and a token will be provided.
Correct answer: B
Explanation
The correct answer is B: a token is generated when a HEC input is set up, and that token is essential for proper data ingestion. Option A is incorrect because it suggests that any token is acceptable, with the data merely ending up in the wrong index. Option C is wrong because it implies obtaining tokens from developers instead of generating them during input setup. Option D is not accurate because HEC tokens should be generated internally, without needing a support case.