Prisma Cloud Compute: Enabling HTTPS for Splunk HEC Using Cloudflare

Prisma Cloud Compute: Enabling HTTPS for Splunk HEC Using Cloudflare

259
Created On 01/20/26 16:52 PM - Last Modified 02/18/26 16:16 PM


Objective


This guide explains how to quickly expose a self-hosted Splunk HTTP Event Collector (HEC) over HTTPS using Cloudflare Tunnel, without configuring SSL certificates or purchasing a domain. This is ideal for testing or short-term integrations that require HTTPS.

Environment


  • Prisma Cloud Enterprise Edition
  • Splunk

Procedure


When to Use This:

  • Splunk HEC is running on HTTP (port 8088)

  • An integration (e.g., Prisma Cloud) requires HTTPS

  • No domain or SSL certs are available

How It Works :

Cloudflare provides a temporary HTTPS endpoint and securely forwards traffic to your local HTTP-based Splunk HEC.

Prerequisites:

  • Splunk Enterprise installed

  • HEC enabled and listening on http://localhost:8088

  • Valid HEC token

  • Access to the Splunk host

  • cloudflared installed

Steps:

  1. Start the Cloudflare Tunnel
          cloudflared tunnel --url http://localhost:8088        
   2. Copy the Generated HTTPS URL
      Cloudflare will output something like: 
            https://<random-name>.trycloudflare.com
   3. Use This as Your HEC Endpoint
             https://<random-name>.trycloudflare.com/services/collector
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA1Ki000000wkLGKAY&lang=en_US&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail