What are the pros and cons of using the HTTP Event Collector (HEC) vs. a standard TCP input feed? We are looking to take data from Kafka and/or Apache NiFi, and are trying to determine the best option.
Did you already visit - https://answers.splunk.com/answers/399363/why-would-i-use-the-http-event-collector-when-i-ca.html ?
Don't forget the Kafka add-ons. If you want a pull model, there is the Splunk Add-on for Kafka. For a push model, I believe HEC is the recommended approach. There is also the Kafka Messaging Modular Input, written by a lead Splunker.
Related blog posts: http://blogs.splunk.com/?s=kafka
I converted this to an answer, please mark it as such.
This practice was discouraged on Stack Overflow, so I added it only to the comments. But I'd love to get a few reputation points on this as well. Thanks!