How to log to HTTP Event Collector using the HTTP Event Collector Stream for Bunyan

The main purpose of the HTTP Event Collector Stream for Bunyan is to log event data to HTTP Event Collector (HEC) running on Splunk Enterprise or on Splunk Cloud. This topic covers a basic example that is included in the HTTP Event Collector Stream for Bunyan repo. The example shows how to create a Bunyan stream to package and send events to HEC. The basic.js example is included in the examples directory of the HTTP Event Collector Stream for Bunyan package, and it has also been pasted below.

Note: The examples are not installed when using the npm installation method. To obtain copies of the examples, download the Splunk HTTP Event Collector stream for Bunyan package.

Example walkthrough

This example includes logic to send data to HTTP Event Collector on Splunk Enterprise or Splunk Cloud by creating a Bunyan stream.

First, we add require statements for Bunyan and the HEC stream for Bunyan.

Then, we declare a config variable to store the configuration information for the Splunk Enterprise instance or Splunk Cloud server. Only the token property is required, but in this example, we've set the token and url properties.

Next, we create a Bunyan stream (splunkStream), plus an error handler.

Then, we create a logger (Logger) using the bunyan.createLogger() function, including a streams array as one of its inputs. Inside the streams array, we include splunkStream.

Next, we define the event payload in the payload variable. We've added fields for the event data itself (temperature and chickenCount in this case. Then we added several special keys to specify metadata that is to be assigned to the event data when HTTP Event Collector receives it. If any of these values (source, sourcetype, and so on) differ from the default values on the server, the values specified here will override the default values. Of course, your JavaScript app will determine what goes into the actual payload contents.

Finally, use the Logger's info function to send the payload along with a status message.


 * Copyright 2015 Splunk, Inc.
 * Licensed under the Apache License, Version 2.0 (the "License"): you may
 * not use this file except in compliance with the License. You may obtain
 * a copy of the License at
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
 * License for the specific language governing permissions and limitations
 * under the License.

 * This example shows basic usage of the Splunk
 * Bunyan logger.

// Change to require("splunk-bunyan-logger");
var splunkBunyan = require("../index");
var bunyan = require("bunyan");

 * Only the token property is required.
var config = {
    token: "your-token-here",
    url: "https://localhost:8088"
var splunkStream = splunkBunyan.createStream(config);

splunkStream.on("error", function(err, context) {
    // Handle errors here
    console.log("Error", err, "Context", context);

// Setup Bunyan, adding splunkStream to the array of streams
var Logger = bunyan.createLogger({
    name: "my logger",
    streams: [

// Define the payload to send to HTTP Event Collector
var payload = {
    // Our important fields
    temperature: "70F",
    chickenCount: 500,

    // Special keys to specify metadata for HTTP Event Collector
    source: "chicken coop",
    sourcetype: "httpevent",
    index: "main",
    host: "farm.local"

 * Since maxBatchCount is set to 1 by default, calling send
 * will immediately send the payload.
 * The underlying HTTP POST request is made to
 *     https://localhost:8088/services/collector/event/1.0
 * with the following body
 *     {
 *         "source": "chicken coop",
 *         "sourcetype": "httpevent",
 *         "index": "main",
 *         "host": "farm.local",
 *         "event": {
 *             "message": {
 *                 "chickenCount": 500
 *                 "msg": "Chicken coup looks stable.",
 *                 "name": "my logger",
 *                 "put": 98884,
 *                 "temperature": "70F",
 *                 "v": 0
 *             },
 *             "severity": "info"
 *         }
 *     }
console.log("Sending payload", payload);, "Chicken coup looks stable.");