- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Does anyone have luck processing heroku's https drain to a on-prem Splunk Enterprise indexer?
I'm currently using its syslog drain but want to add encryption and heroku https drain seem to be the only way.
From what I tell we'll need to setup a intermediate web server to process the https post from heroku, default splunk enterprise doesn't seem to have direct ingestion on http post.
Any recommendation is appreciated. Thanks
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Answering my own question. We ended up using a simple nginx server setup to just relay all the https POST into log files, and have a generic splunk universal forwarder on the nginx host to send the log over.
specific nginx setup is inspired by this stackoverflow post:
http://stackoverflow.com/questions/4939382/logging-post-data-from-request-body
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Answering my own question. We ended up using a simple nginx server setup to just relay all the https POST into log files, and have a generic splunk universal forwarder on the nginx host to send the log over.
specific nginx setup is inspired by this stackoverflow post:
http://stackoverflow.com/questions/4939382/logging-post-data-from-request-body
