Python class to submit events to Splunk HTTP Event Collector
Switch branches/tags
Nothing to show
Clone or download
georgestarcher Update
add other methods to the Retry list
Latest commit 84ee04e Sep 10, 2018

Python Class for Sending Events to Splunk HTTP Event Collector

Version/Date: 1.5 2018-03-16

Author: George Starcher (starcher) Email:

Thanks to Chandler Newby for getting this into the threaded design. Thanks to Paul Miller for the pip support.

This code is presented AS IS under MIT license.


This is a python class file for use with other python scripts to send events to a Splunk http event collector.

Supported product(s):

  • Splunk v6.3.X+
  • Splunk v6.4.X+ for the raw input option

Using this Python Class

Configuration: Manual

You will need to put this with any other code and import the class as needed. Instantiate a copy of the http_event_collector object and use to generate and submit payloads as you see in the example main() method.

Configuration: With pip

pip install git+git://

Once installed you can start python then

from splunk_http_event_collector import http_event_collector

HEC Collector level index and sourcetype

hec_server.index = "test"
hec_server.sourcetype = "syslog"

This works for either RAW or JSON. JSON has the option of the normal existing behavior to override per event by placing in the payload as shown in


  • You can use the sendEvent() method to send data immediately.
  • It is more efficient to use the batchEvent() and flushBatch() methods to submit multiple events at once across multiple threads.
  • You must call flushBatch() if using batchEvent() or you risk exiting your code before all threads have flushed their data to Splunk.
  • There is now an optional input_type when declaring your HEC server. It defaults to the normal JSON event format but adds raw support.
  • Added a pop null fields option. Defaults to False to preserve existing class behavior.