Dashboards & Visualizations
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Can I generate the HTTP Event Collector token on the Heavy Forwarder or Search Head?

sarnagar
Contributor
‎12-15-2016 04:28 AM

Where to set Splunk HTTP Event collector on which instance of Splunk?

Can I generate this HTTP Event Collector token on the Heavy Forwarder or Search Head?

When the application writes the data to splunk, will it write to the Heavy Forwarder?

0 Karma
Reply

fabiocaldas
Contributor
‎02-15-2018 08:44 AM

Hi sarnagar,

I'm using a cluster of Heavy Forwarders as HEC endpoints and I'm controlling it from master. I set my Heavy Forwarder to be a deployment client and I distribute HEC token from master to all of them !!

0 Karma
Reply

somesoni2
Revered Legend
‎12-15-2016 01:48 PM

You can generate/setup HTTP event Collector on Heavy forwarder. (can do in Search Head too but setting up on HF will reduce additional load on SH).

Reply

tkomatsubara_sp
Splunk Employee
Splunk Employee
‎12-15-2016 06:05 AM

See "Splunk 6.x Dashboard Examples" (Ver 6.0)
https://splunkbase.splunk.com/app/1603/

In the dashboard, you can find "Default Environment Tokens".
I didn't try, but it looks worth while to try.
For example: $env:instance_type$ = Splunk instance types

0 Karma
Reply
Get Updates on the Splunk Community!

Introducing Splunk Enterprise 9.2

WATCH HERE! Watch this Tech Talk to learn about the latest features and enhancements shipped in the new Splunk ...

Adoption of RUM and APM at Splunk

    Unleash the power of Splunk Observability   Watch Now In this can't miss Tech Talk! The Splunk Growth ...

Routing logs with Splunk OTel Collector for Kubernetes

The Splunk Distribution of the OpenTelemetry (OTel) Collector is a product that provides a way to ingest ...