splunk-hec-handler

raw JSON →
1.2.0 verified Fri May 01 auth: no python

A Python logging handler that sends logs to Splunk via HTTP Event Collector (HEC). Current version 1.2.0, maintained on GitHub with occasional updates.

pip install splunk-hec-handler

Common errors

error ModuleNotFoundError: No module named 'splunk_hec_handler'
cause Package not installed or import name misspelled (underscore vs hyphen). Correct import is 'splunk_hec_handler' (underscores).
fix
Install with 'pip install splunk-hec-handler' and import with 'from splunk_hec_handler import SplunkHecHandler'.
error AttributeError: module 'splunk_hec_handler' has no attribute 'SplunkHecHandler'
cause Incorrect import style (e.g., import splunk_hec_handler then splunk_hec_handler.SplunkHecHandler should work; but if using old version or typo, fails).
fix
Use 'from splunk_hec_handler import SplunkHecHandler'.

Warnings

gotcha The handler uses HTTP POST by default. If your Splunk HEC endpoint uses HTTPS with a self-signed certificate, you must set verify=False or provide a CA bundle.
fix Initialize handler with verify=False (not recommended for production) or pass a valid cert path.
gotcha The handler silently drops logs if HEC token is invalid or endpoint unreachable, unless you add a custom error handler.
fix Add a custom error handler via logging.Handler.handleError or monitor your Splunk HEC endpoint for 401/403 errors.

Imports

Quickstart

Basic setup: create handler with HEC URL and token, add to logger, log a test message.

import logging
from splunk_hec_handler import SplunkHecHandler

logger = logging.getLogger('splunk')
logger.setLevel(logging.DEBUG)
handler = SplunkHecHandler(
    'https://splunkhec.example.com',
    token='your-hec-token',
    source='python',
    sourcetype='json',
    index='main'
)
logger.addHandler(handler)
logger.info('Test message')
last verified Fri May 01
next check Thu Jul 30