HEC token for cloud and Enterprise both

splunkdivya · ‎02-06-2020

Hi Splunkers,

I need to send data through HEC token to on-prem as well as Cloud splunk instance.

Please help me with some pointers.

Thanks in advance

manjunathmeti · ‎02-06-2020

Please check this link: https://docs.splunk.com/Documentation/Splunk/latest/Data/UsetheHTTPEventCollector. It contains all the steps to create token for both Splunk Enterprise and Splunk cloud.

splunkdivya · ‎02-06-2020

Hey @manjunathmethi, I need same single token for sending data simultaneously on the two instances.

manjunathmeti · ‎02-10-2020

@splunkdivya On Splunk cloud you can Enable HTTP Event Collector and create an Event Collector token. You can use same collection token ID in outputs.conf in app 'splunk_httpinput' ($SPLUNK_HOME/etc/apps/splunk_httpinput/local/) on on-prem splunk.

# Default settings
[http]
disabled = 0
port = 8088

[http://test_data]
description = HTTP event collector token for collecting data.
disabled = 0
index = main
indexes = main
sourcetype = test
token = <TOKEN>

HEC token for cloud and Enterprise both

Index This | Why did the turkey cross the road?

Enter the Agentic Era with Splunk AI Assistant for SPL 1.4

Feel the Splunk Love: Real Stories from Real Customers

Are you a member of the Splunk Community?

HEC token for cloud and Enterprise both

Index This | Why did the turkey cross the road?

Enter the Agentic Era with Splunk AI Assistant for SPL 1.4

Feel the Splunk Love: Real Stories from Real Customers