Auth0-Splunk Integration

Problem statement

As per the Splunk community post:

“For Splunk Cloud customers, the standard HEC URI is:
https://http-inputs-customer_stack.splunkcloud.com/services/collector

If you are using AWS Firehose, then you will have a second HEC URL:
https://http-inputs-firehose-customer_stack.splunkcloud.com/services/collector

Please note that Splunk Cloud customers do NOT need to specify port 8088, all HEC traffic goes over port 443 (standard SSL).

For customers running HEC on their own deployments or using the Splunk test drive instance, then port 8088 will need to be specified:
https://input-prd-uniqueid.cloud.splunk.com:8088/services/collector”

We are using the Splunk Cloud instance and believe that we do not need to specify the port number. When I execute provided CURL request without the port number, it works.

curl --location --request POST 'https://http-input-XXXXXX.splunkcloud.com/services/collector'; \
--header 'Authorization: Splunk <token value> \
--header 'Content-Type: application/json' \
--data-raw '{"event": "Hello, world!", "sourcetype": "manual"}'

However, when I try to create Splunk integration, it does not allow creating integration without a port number.

Solution

If you are using the cloud instance in Splunk, you don’t need to specify the port number on a cURL request, which by default, runs on port 443. But for Auth0 integration, you need to set the 443 port in the Auth0 dashboard.