HTTP and HTTPS events can be created and delivered by web applications containing event metadata, such as time, host, and source, as well as other event data, found in the event key. The HEC makes it easy for app developers to add a minimal amount of code to their applications to send this data to Splunk. This is all done in a secure and efficient way, making it easy for application developers to be able to Splunk their application event data.

Typically, an application generates its own log file or uses Document Object Model (DOM) tagging to generate some relevant functional metrics. This is useful and still applicable to traditional multi-page web applications. However, web page development has moved forward in recent years, with a new framework called Single-Page Application (SPA). The advancement of SPA means most of an application's work in showing HTML results happens dynamically in the client's browser. Instead of going through different HTML pages, only one HTML page is loaded when the user interacts with the app.

This advance poses a dilemma for application data monitoring. Since most of the application's interactions now occur on the client side, server-side tracking adds less value. This is where the HEC comes into its own, since a short line of JavaScript code can push event data to Splunk. 

There are use cases other than web applications that may also find the HEC useful. For internal applications, the HEC can easily be utilized to keep track of events occurring in the client's UI. This is also viable for the increasingly ubiquitous Internet of Things (known as IoT, a network of devices with a variety of purposes that are hooked up to a network) for devices that can push data to other places.