Hi Splunkers,
I need to send data through HEC token to on-prem as well as Cloud splunk instance.
Please help me with some pointers.
Thanks in advance
Please check this link: https://docs.splunk.com/Documentation/Splunk/latest/Data/UsetheHTTPEventCollector. It contains all the steps to create token for both Splunk Enterprise and Splunk cloud.
Hey @manjunathmethi, I need same single token for sending data simultaneously on the two instances.
@splunkdivya On Splunk cloud you can Enable HTTP Event Collector and create an Event Collector token. You can use same collection token ID in outputs.conf in app 'splunk_httpinput' ($SPLUNK_HOME/etc/apps/splunk_httpinput/local/) on on-prem splunk.
# Default settings
[http]
disabled = 0
port = 8088
[http://test_data]
description = HTTP event collector token for collecting data.
disabled = 0
index = main
indexes = main
sourcetype = test
token = <TOKEN>