Set up and use HTTP Event Collector in Splunk Web

The HTTP Event Collector (HEC) lets you send data and application events to a Splunk deployment over the HTTP and Secure HTTP (HTTPS) protocols. HEC uses a token-based authentication model. You can generate a token and then configure a logging library or HTTP client with the token to send data to HEC in a specific format. This process eliminates the need for a Splunk forwarder when you send application events.

After you enable HEC, you can use HEC tokens in your app to send data to HEC. You do not need to include Splunk credentials in your app or supported files to access the Splunk platform instance.

HEC functionality varies based on Splunk software type

HTTP Event Collector runs on Splunk Cloud Platform and Splunk Enterprise. How it works depends on the type of Splunk platform instance you have.

You can enable HEC on a Splunk Cloud Platform deployment. The following caveats apply to using HEC on a Splunk Cloud Platform instance:

- If you need to use a configuration file to configure an HEC input, you must do this on a heavy forwarder, then forward the data to Splunk Cloud Platform. This is because Splunk Cloud Platform does not provide access to configuration files locally.
- You must file a ticket with Splunk Support to enable HEC for use with Amazon Web Services (AWS) Kinesis Firehose. Standard HEC is enabled by default on all Splunk Cloud Platform deployments and does not require a Splunk Support ticket.
- You cannot make changes to global settings. You can only make settings changes to tokens that you create.
- You cannot forward data that HEC receives to another set of Splunk indexers as Splunk Cloud Platform does not support forwarding output groups.
- The index that you choose to store events that HEC receives must already exist. You cannot create a new index during the setup process.
- Indexer acknowledgment is only available for AWS Kinesis Firehose at this time.
- After you create tokens, you can monitor progress of the token as it is deployed across your Splunk Cloud Platform instance.

For instructions on how to enable and manage HEC on Splunk Cloud Platform, see Configure HTTP Event Collector on Splunk Cloud.

HEC offers full configurability and functionality on the Splunk Enterprise platform on-premises. It offers the following additional benefits over HEC on Splunk Cloud Platform:

- HEC can accept events that you send to it over the HTTP protocol in addition to the HTTPS protocol.
- HEC can forward events to another Splunk indexer with an optional forwarding output group.
- You can use the deployment server to distribute HEC tokens across indexers in a distributed deployment.

For instructions on how to enable and manage HEC on Splunk Enterprise, see Configure HTTP Event Collector on Splunk Enterprise.

How the Splunk platform uses HTTP Event Collector tokens to get data in

Tokens are entities that let logging agents and HTTP clients connect to the HEC input. Each token has a unique value, which is a 128-bit number that is represented as a 32-character globally unique identifier (GUID). Agents and clients use a token to authenticate their connections to HEC. When the clients connect, they present this token value. If HEC receives a valid token, it accepts the connection and the client can deliver its payload of application events in either text or JavaScript Object Notation (JSON) format. HEC receives the events and indexes them based on the configuration of the token. HEC uses the source, source type, and index that was specified in the token. If a forwarding output group configuration exists on a Splunk Enterprise instance, HEC forwards the data to indexers in that output group.

Configure HTTP Event Collector on Splunk Cloud Platform

HEC is enabled by default in Splunk Cloud Platform. You can create, modify, delete, enable, and disable HEC tokens.

Enable HTTP Event Collector on Splunk Cloud Platform

HTTP Event Collector is enabled by default on Splunk Cloud Platform.

Create an Event Collector token on Splunk Cloud Platform

To use HEC, you must configure at least one token. Splunk Cloud Platform distributes the token across the deployment. The token is not ready for use until distribution has completed.

- In the Name field, enter a name for the token.
- (Optional) In the Source name override field, enter a name for a source to be assigned to events that this endpoint generates.
- (Optional) In the Description field, enter a description for the input.
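
How a client presents an HEC token, as the section on tokens describes, shown as an added example that is not taken from the Splunk documentation. It assumes HEC's JSON event endpoint `/services/collector/event`, the `Authorization: Splunk <token>` header, and the hyphenated GUID form of the token, none of which appear on this page; the host and token are constructed placeholders. Because the token is the only credential, the builder refuses plain HTTP unless the caller opts in.

```python
import json
import re
import urllib.request
from urllib.parse import urlsplit

# HEC tokens are 128-bit values; assumed here in hyphenated GUID form.
GUID_RE = re.compile(r"^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$")


def redact(token):
    """Form of the token that is safe to write to logs."""
    return token[:4] + "..." + token[-4:]


def build_hec_request(base_url, token, event, allow_http=False):
    """Build (but do not send) a POST for the HEC JSON event endpoint."""
    if not GUID_RE.match(token):
        raise ValueError("token is not a GUID")
    parts = urlsplit(base_url)
    if parts.scheme == "http" and not allow_http:
        # Over plain HTTP the token crosses the network in cleartext.
        raise ValueError("refusing to send token %s over http" % redact(token))
    if parts.scheme not in ("http", "https"):
        raise ValueError("unsupported scheme: %r" % parts.scheme)
    if parts.query or parts.username:
        raise ValueError("base URL must not carry a query string or userinfo")
    # No source/sourcetype/index here: HEC applies the values set on the token.
    body = json.dumps({"event": event}).encode("utf-8")
    return urllib.request.Request(
        base_url.rstrip("/") + "/services/collector/event",
        data=body,
        method="POST",
        headers={
            "Authorization": "Splunk " + token,
            "Content-Type": "application/json",
        },
    )


if __name__ == "__main__":
    # Constructed sample values; the host and token are placeholders.
    req = build_hec_request(
        "https://splunk.example.com:8088",
        "00000000-0000-4000-8000-000000000000",
        {"action": "login", "user": "alice", "result": "failure"},
    )
    print(req.get_method(), req.full_url)
    print("Authorization: Splunk", redact(req.get_header("Authorization")[7:]))
```

Pass the returned object to `urllib.request.urlopen` to send it, and log only `redact(token)`, never the token itself.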