You cannot create a new index during the setup process. The index that you choose to store events that HEC receives must already exist.
You cannot forward data that HEC receives to another set of Splunk indexers as Splunk Cloud Platform does not support forwarding output groups.You can only make settings changes to tokens that you create. You cannot make changes to global settings.Standard HEC is enabled by default on all Splunk Cloud Platform deployments and does not require a Splunk Support ticket. You must file a ticket with Splunk Support to enable HEC for use with Amazon Web Services (AWS) Kinesis Firehose.This is because Splunk Cloud Platform does not provide access to configuration files locally. If you need to use a configuration file to configure an HEC input, you must do this on a heavy forwarder, then forward the data to Splunk Cloud Platform.The following caveats apply to using HEC on a Splunk Cloud Platform instance: You can enable HEC on a Splunk Cloud Platform deployment. How it works depends on the type of Splunk platform instance you have. HTTP Event Collector runs on Splunk Cloud Platform and Splunk Enterprise.
SPLUNK ENTERPRISE VS SPLUNK CLOUD SOFTWARE
HEC functionality varies based on Splunk software type You do not need to include Splunk credentials in your app or supported files to access the Splunk platform instance. This process eliminates the need for a Splunk forwarder when you send application events.Īfter you enable HEC, you can use HEC tokens in your app to send data to HEC. You can generate a token and then configure a logging library or HTTP client with the token to send data to HEC in a specific format. HEC uses a token-based authentication model. The HTTP Event Collector (HEC) lets you send data and application events to a Splunk deployment over the HTTP and Secure HTTP (HTTPS) protocols. Set up and use HTTP Event Collector in Splunk Web
0 kommentar(er)
