I need to collect data using HEC from an Internet source into my on-prem Splunk environment. It looks like I can run HEC on a Heavy Forwarder and then forward the collected data to my indexer cluster.
I will use https so the communication is encrypted and DNS and networking/firewall shouldn't be a problem.
Any gotchas or issues using a HF with HEC in a DMZ to collect and forward data to an on-prem indexer cluster?
