Send event data to Splunk in .NET 5.0

Vahid Farahmandian
2 min readJul 14, 2021

Splunk (the product) captures, indexes and correlates real-time data in a searchable repository from which it can generate graphs, reports, alerts, dashboards and visualizations.

Source Code: jinget-dotnet5-splunk-sample |


  1. You have already enabled the HTTP input endpoint
  2. You have already obtained the HEC(Http Endpoint Connector) token.

If not please refer to: Set up and use HTTP Event Collector in Splunk Web

In order to send event data to Splunk you do not have very difficult way. Just follow these steps:

  1. Take care of invalid SSL certificates

If you are using invalid or self signed certificates, prior to calling any Splunk API, you need to suppress the SSL error. You can suppress it as following:

HttpClientHandler clientHandler = new()
ServerCertificateCustomValidationCallback = (sender, cert, chain, sslPolicyErrors) => true

And then simply pass the clientHandler to your HttpClient class constructor:

var httpClient = new HttpClient(clientHandler);

2. Call the API

Ok now we are ready to call Splunk APIs. In order to send an event to Splunk we can do as following:

httpClient.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue(“Splunk”, “HEC Token”);//data should send via ‘event’ object
var data = JsonConvert.SerializeObject(new { @event = myData});
var stringContent = new StringContent(data, Encoding.UTF8, “application/json”);
var response = await httpClient.PostAsync(“{schema}://{url}:{port}/services/collector”, stringContent);

schema: If Enable SSL option is selected then https otherwise http

url: Url to access your Splunk website, without its port number

port: HTTP Port Number that is entered in General settings section in Splunk

Using this approach without installing any third party library, you are able to connect to Splunk and start communicating with it.

Full source code is available on my GitHub page at: jinget-dotnet5-splunk-sample |