Getting Data In

How to get HTTP Event Collectors enabled in Splunk Cloud?

jimathead
Engager

We are investigating Splunk Cloud for our browser apps performance and logging. To see if the HTTP Event Collectors would meet our needs, I created a trial account. When going through the set-up instructions, I read this line:

 Note: To turn on HTTP Event Collector in Splunk Cloud, file a request ticket with Splunk Support.

It seems that with a trial account, the web UI will not let me file a request ticket with Splunk. If it is possible to do so, I certainly cannot figure out HOW I would do that.

Can I get the HTTP Event Collectors enabled on my Splunk Cloud trial? Who should I contact and how. If this is not possible, please let me know and I will simply delete my trial account.

Thank you.

Jim

tdepuy
Path Finder
0 Karma

wfrankl2
Explorer

I have had Support open a ticket and it is fairly painless besides waiting on them to do it. We were able to send data immediately. The docs didn't used to tell you to open a ticket. We tried to create ourselves, but as mentioned before, there is the bug that it doesn't create the collector on the indexer so it won't work. That's why they have to create it. Not sure if that is fixed in 6.5, we are 6.4.1.2.

0 Karma

gblock_splunk
Splunk Employee
Splunk Employee

For self-service you still have to go into the HTTP Event Collector management UI and enable it. You can do this yourself.

For clustered you will need to work with support for enabling and for token management.

0 Karma

ncrisler
New Member

This can all be done by going to settings>Data Inputs>Add new

  1. Fill in Name then click next.
  2. Select index appropriate for your data (you can create a new index here if need be and choose that)
  3. Review to make sure everything is as it should be
  4. Copy down your Token

Next you will be ready to start sending your Data using the Http Event Collector

0 Karma

ChrisG
Splunk Employee
Splunk Employee

If you have a self-service Splunk Cloud account, HTTP Event Collector is available by default. If you have a managed Splunk Cloud account, you need to file a support ticket to have HTTP Event Collector enabled.

See Add data using HTTP Event Collector in the Splunk Cloud User Manual.

0 Karma

starcher
Influencer

They mentioned at conf that the Web UI was not updated yet for it. It will require a support ticket. One of the Splunk folks will have to reply on how to open a ticket for a trial account.

0 Karma

gblock_splunk
Splunk Employee
Splunk Employee

Hi @jimathead

You can now enable HTTP Event Collector now in trial via the Splunk UI.

There is a known issue with the cert we use for cloud trial, so depending on which stack you are using to send the data, you might hit into issues, or you might not.

curl definitely will work.

0 Karma
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...