Splunk universal forwarder to Splunk Enterprise with configured HEC (all on CentOS 7)

smstoyanov
New Member

Hello,
I have spent a couple of days trying to get proper logging to HEC on my Splunk Enterprise instance, but I can't manage it.
I have also configured the Splunk App for Infrastructure and added the host to be monitored. The logs are sent to one of the HECs, which is configured for em_metrics, but I want to add additional configuration on the universal forwarder to monitor some logs.
I can collect logs, but over Splunk's input on 9997/tcp. I want to reach it over the additional HEC which I have already created on the Enterprise instance.
Can you give me an example of how to configure inputs.conf and outputs.conf properly so that the data is sent to my HEC?

0 Karma
1 Solution

renjith_nair
Legend

@smstoyanov,

For the HTTP Event Collector, you have to configure the .conf files in $SPLUNK_HOME/etc/apps/splunk_httpinput/local/

Please refer here for all the details you need for configuring it:
Using .conf file : http://dev.splunk.com/view/event-collector/SP-CAAAE6Q
Using CLI : http://docs.splunk.com/Documentation/Splunk/7.1.2/Data/UseHECfromtheCLI
Using web : http://docs.splunk.com/Documentation/Splunk/7.1.2/Data/UsetheHTTPEventCollector

---
What goes around comes around. If it helps, hit it with Karma 🙂

0 Karma
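
As an added illustration (not part of the original answer and not taken from Splunk's documentation), this is a minimal `inputs.conf` for the directory named in the answer, defining the HEC listener and one token on the Splunk Enterprise side. The token name `uf_logs`, the index `os_logs`, the sourcetype and the all-zero token value are assumptions and placeholders.

```ini
# $SPLUNK_HOME/etc/apps/splunk_httpinput/local/inputs.conf
# (on the Splunk Enterprise instance that receives HEC traffic)

# Global HEC settings, shared by every token
[http]
disabled = 0
# Default HEC port
port = 8088
# Keep TLS enabled so the token is never sent in clear text
enableSSL = 1

# One stanza per token; "uf_logs" is a hypothetical token name
[http://uf_logs]
disabled = 0
# Placeholder value: generate your own GUID and treat it as a secret
token = 00000000-0000-0000-0000-000000000000
# Hypothetical default index; it must already exist
index = os_logs
# Limit the indexes this token is allowed to write to
indexes = os_logs
sourcetype = linux_messages_syslog
```

Clients present the token in an `Authorization: Splunk <token>` header, so scope each token to the indexes it needs and use a separate token for each data source rather than reusing the em_metrics one.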
