If you’ve set up data forwarding via Splunk but events aren’t being sent, here are a couple of things to check:

  1. The instance URL is incorrect. Double-check the format:
    • If you’re using Splunk Cloud, this is the format:
    • If you’re hosting Splunk yourself, this is the format:
    • See the full documentation here for more information
  2. Double-check that the HEC status is enabled in your Splunk configuration. See this screenshot for what it should look like:


