Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

splunk universal forwerder to splunk enterprise with configured HEC (all on centos 7)

smstoyanov
New Member
‎07-30-2018 12:49 AM

Hello ,
i have spent couple of days to reach some proper loggin to HEC on my enterprise splunk but cant handle it.
I have configured also splunk app for infrastructure and i have added the host to be monitored . The logs are send to one of the HEC which is configured for em_metrics but i want to add additinal configuration on the universal forwarder to monitor some logs.
I can collect logs but over the splunk`s input on 9997/tcp . I want to reach it over the additianal HEC which i already have created on the enterprise instance.
Can you give me some example how to configure proper inputs.conf and outputs.conf to be send to my HEC.

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

renjith_nair
Legend
‎07-30-2018 04:07 AM

@smstoyanov ,

For http event collector, you have to configure the .conf files in $SPLUNK_HOME/etc/apps/splunk_httpinput/local/

Please refer here for all the details you need for configuring it
Using .conf file : http://dev.splunk.com/view/event-collector/SP-CAAAE6Q
Using CLI : http://docs.splunk.com/Documentation/Splunk/7.1.2/Data/UseHECfromtheCLI
Using web : http://docs.splunk.com/Documentation/Splunk/7.1.2/Data/UsetheHTTPEventCollector

---
What goes around comes around. If it helps, hit it with Karma 🙂

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

renjith_nair
Legend
‎07-30-2018 04:07 AM

@smstoyanov ,

For http event collector, you have to configure the .conf files in $SPLUNK_HOME/etc/apps/splunk_httpinput/local/

Please refer here for all the details you need for configuring it
Using .conf file : http://dev.splunk.com/view/event-collector/SP-CAAAE6Q
Using CLI : http://docs.splunk.com/Documentation/Splunk/7.1.2/Data/UseHECfromtheCLI
Using web : http://docs.splunk.com/Documentation/Splunk/7.1.2/Data/UsetheHTTPEventCollector

---
What goes around comes around. If it helps, hit it with Karma 🙂
0 Karma
Reply
Get Updates on the Splunk Community!

Index This | I’m short for "configuration file.” What am I?

May 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with a Special ...

New Articles from Academic Learning Partners, Help Expand Lantern’s Use Case Library, ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Your Guide to SPL2 at .conf24!

So, you’re headed to .conf24? You’re in for a good time. Las Vegas weather is just *chef’s kiss* beautiful in ...