All Apps and Add-ons
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Splunk MINT: How can i set up duplicated HTTP Event Collector server? (Active - Active)

sky9214
Engager
‎12-28-2016 06:17 PM

I want to send the Splunk MINT event log to each Http Event Collector?

Is there a way to set up two tokens on SDK?

0 Karma
Reply

croyal_splunk
Splunk Employee
Splunk Employee
‎01-03-2017 11:16 AM

You cannot set up 2 tokens on the same project integrated with a MINT SDK. This will not work.

0 Karma
Reply

gjanders
SplunkTrust
SplunkTrust
‎12-31-2016 05:17 AM

Your question appears to be slightly confusing, you refer to a duplicated HTTP event collector server, however the HTTP event collector is just another Splunk input, therefore the only way to run an active/active scenario would be 2 universal forwarders or 2 heavy forwarders. It would not make sense to run multiple http event collector ports on the same instance of Splunk.

The latter part of your question mentions two tokens on the SDK, I assume your again referring to the HTTP event collector ? You would use the same token on 2 forwarders if you were doing active/active, and then you would add additional tokens if required.

The inputs.conf documentation is here refer to the http event collector section. Or refer to the http event collector documentation

You will need something to load balance between the 2 servers, I use a load balancer server to distribute traffic to 2 heavy forwarders, however you could also do this using universal forwarders as per this Splunk blog post comparing heavy vs universal forwarders.

-
Alerts for Splunk Admins, Version Control for Splunk, Decrypt2 VersionControl For SplunkCloud
0 Karma
Reply
Get Updates on the Splunk Community!

Community Content Calendar, November Edition

Welcome to the November edition of our Community Spotlight! Each month, we dive into the Splunk Community to ...

October Community Champions: A Shoutout to Our Contributors!

As October comes to a close, we want to take a moment to celebrate the people who make the Splunk Community ...

Stay Connected: Your Guide to November Tech Talks, Office Hours, and Webinars!

What are Community Office Hours? Community Office Hours is an interactive 60-minute Zoom series where ...