https://community.splunk.com/t5/Deployment-Architecture/HEC-HWF-behind-AWS-Loadbalancer-ELB-or-ALB/m-p/613299#M26144 <P>From personal experience I use application loadbalancers for all of my HEC endpoints exposed to the internet. Via loadbalancer configuration I expose TCP port 443 to the internet and forward TCP port 8088 (standard HEC port) to backend EC2 instances acting as Heavy Forwarders.</P><P>The security group attached to the loadbalancer allows inbound traffic from the external sources I expect (mainly AWS Kinesis Firehose address space) and the outbound portion of the security group rule allows communication with the subnets my EC2 instances sit in.</P><P>For healthcheck monitoring on the target group I monitor this endpoint "/services/collector/health" over HTTPS for successful HTTP response codes 200-299 with a 5 second timeout.</P><P>&nbsp;</P><P>&nbsp;</P> Thu, 15 Sep 2022 21:40:32 GMT TheColorBlack 2022-09-15T21:40:32Z https://community.splunk.com/t5/Deployment-Architecture/HEC-HWF-behind-AWS-Loadbalancer-ELB-or-ALB/m-p/532566#M18322 <P>Hello all. I am wondering what’s the best choice for putting the HTTP event collector behind an AWS load balancer. It would seem to me that an application load balancer would be appropriate for HTTP traffic, as opposed to a traditional load balancer.<BR /><BR /></P><P>thoughts?</P><P>&nbsp;</P> Thu, 10 Dec 2020 00:58:59 GMT https://community.splunk.com/t5/Deployment-Architecture/HEC-HWF-behind-AWS-Loadbalancer-ELB-or-ALB/m-p/532566#M18322 brent_weaver 2020-12-10T00:58:59Z https://community.splunk.com/t5/Deployment-Architecture/HEC-HWF-behind-AWS-Loadbalancer-ELB-or-ALB/m-p/612016#M26105 <P>Hi&nbsp;<a href="https://community.splunk.com/t5/user/viewprofilepage/user-id/72642">@brent_weaver</a>,</P><P>Just wondering what you ended up using and how it went?</P> Tue, 06 Sep 2022 03:48:30 GMT https://community.splunk.com/t5/Deployment-Architecture/HEC-HWF-behind-AWS-Loadbalancer-ELB-or-ALB/m-p/612016#M26105 MKozanic 2022-09-06T03:48:30Z https://community.splunk.com/t5/Deployment-Architecture/HEC-HWF-behind-AWS-Loadbalancer-ELB-or-ALB/m-p/613299#M26144 <P>From personal experience I use application loadbalancers for all of my HEC endpoints exposed to the internet. Via loadbalancer configuration I expose TCP port 443 to the internet and forward TCP port 8088 (standard HEC port) to backend EC2 instances acting as Heavy Forwarders.</P><P>The security group attached to the loadbalancer allows inbound traffic from the external sources I expect (mainly AWS Kinesis Firehose address space) and the outbound portion of the security group rule allows communication with the subnets my EC2 instances sit in.</P><P>For healthcheck monitoring on the target group I monitor this endpoint "/services/collector/health" over HTTPS for successful HTTP response codes 200-299 with a 5 second timeout.</P><P>&nbsp;</P><P>&nbsp;</P> Thu, 15 Sep 2022 21:40:32 GMT https://community.splunk.com/t5/Deployment-Architecture/HEC-HWF-behind-AWS-Loadbalancer-ELB-or-ALB/m-p/613299#M26144 TheColorBlack 2022-09-15T21:40:32Z