Getting Data In

HTTP Event Collector on Heavy forwared

riqbal47010
Path Finder

I want to configure HTTP Event collector on one of the Heavy forwarder.
initially i create the app with named splunk_httpinput

inputs.conf

[http]
useDeploymentServer = 1
index = hec

for outputs.conf , I will use the standard app to forward logs to indexer cluster.

Tags (1)
0 Karma

adonio
Ultra Champion

what is the question?

0 Karma

riqbal47010
Path Finder

I have distributed environment and I configure the HEC on one of the heavy forwarder.
i already create one app on deployment server and enable the following parameters in

inputs.conf file.

[http]

useDeploymentServer = 1

After that I login to Deployment server and generate the token. that token parameters are also reflecting in /opt/splunk/etc/deployment_apps/splunk_httpinput/local/inputs.conf

My goal is to receive HTTP event on Heavy forwarder and forward them to Indexer cluster.

so my question is :

1- I already created on app named splunk_httpinput on CM with indexes.conf file but it is not pushig. So what is missing part here.

2- its mandatory to created outputs.conf file in splunk_httinput app or my default outputs.conf app will handle this part.

Hope this clears the road .

0 Karma

teunlaan
Contributor

We collect HEC on a heavy, and enable it in the following way

1) enable hec on the heavy splunk http-event-collector enable
2) push the rest of the setting By the deployment server.

So it the app isn't pushed, did you configure the serverclass?
Also please use a different app name, like 'splunk_httpinput-custom' so you're 100% sure it won't overwrite the settings on your heavy

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...