Add a Splunk Cloud log stream

Before you begin

Before you can create a log stream, you must first create an HTTP Event Collector (HEC) token on Splunk Cloud. See Set up and use HTTP Event Collector in Splunk Web.

When you create the HEC token, don't select the checkbox Enable indexer acknowledgment. Okta log streaming doesn't support this feature.

Add a Splunk Cloud HEC to Okta log streaming

  1. Sign in to your Okta org as a super admin.

  2. In the Admin Console, go to ReportsLog Streaming. This page shows all of the log stream targets available in your org.

  3. Click Add Log Stream to start the log stream wizard.

  4. Select Splunk Cloud from the catalog. Click Next.

  5. Fill in the configuration details for your Splunk Cloud log stream:

    • Name: Provide a unique name for this log stream in Okta.

    • Splunk Edition: Select the edition.

    • Host: Enter the domain for your Splunk Cloud instance. For example,

    • HEC Token: The token from your Splunk Cloud HTTP Event Collector (HEC).

  6. Click Save. You receive a confirmation message.

The log stream that you just added appears on the Log Streaming page with its status as Active.

Related topics

Edit the status of your log stream