Getting Data In

forwarding baked HEC traffic between two Splunk Entreprise Instances



I would like to forward data between two splunk instances in clear text. For that I use HEC. This is my outputs.conf . 


httpEventCollectorToken = <HEC_TOKEN>
uri = http://hec_target:8088


I would like to inspect the events with a third party application, but they appear to be encoded in s2s. Also this configuration sends the events to the /services/collector/s2s endpoint, which is not the same one would forward clear text (JSON) events to. Is there any way to send the events in a readable format?

I am aware there is syslog output. I would try it if there is no possibility to change the HEC output accordingly. 

Thanks in advance.

Labels (1)
0 Karma
Get Updates on the Splunk Community!

Splunk Observability Cloud | Unified Identity - Now Available for Existing Splunk ...

Raise your hand if you’ve already forgotten your username or password when logging into an account. (We can’t ...

Index This | How many sides does a circle have?

February 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

Registration for Splunk University is Now Open!

Are you ready for an adventure in learning?   Brace yourselves because Splunk University is back, and it's ...