Splunk Connect 4 Syslog - IDM

sunaryot · ‎03-29-2021

Does anyone know if HEC endpoint can be configured directly onto the IDM so SC4S traffic can be sent to it? It is tailor made for Splunk Cloud but I have not read anything that says that in their documentation.

richgalloway · ‎03-29-2021

The SC4S team recommends traffic be sent directly to HEC inputs on the indexers.

---
If this reply helps you, Karma would be appreciated.

sunaryot · ‎03-29-2021

In our splunk cloud environment, we currently do not have any indexers deployed since we have an IDM and multiple HFs. It is strongly recommended that we send the traffic to the HEC endpoints configured directly on the indexers but would it work by configuring the HEC endpoint on Splunk Cloud?

richgalloway · ‎03-29-2021

If you have Splunk Cloud then you have indexers. Configuring HEC input on Splunk Cloud puts the input on the indexers.

---
If this reply helps you, Karma would be appreciated.

s2_splunk · ‎03-29-2021

If you have a recently provisioned SplunkCloud stack, you have a HEC address provisioned and enabled for you already.

Your target HEC URL should be

http-inputs-{yourstackname}.splunkcloud.com

You will find more documentation here.

You should be able to send HEC traffic directly to this VIP address. If this doesn't work, please open a case with Splunk support.

Splunk Connect 4 Syslog - IDM

installation

Developer Spotlight with Paul Stout

State of Splunk Careers 2024: Maximizing Career Outcomes and the Continued Value of ...

Data-Driven Success: Splunk & Financial Services