Getting Data In

splunk universal forwerder to splunk enterprise with configured HEC (all on centos 7)

smstoyanov
New Member

Hello ,
i have spent couple of days to reach some proper loggin to HEC on my enterprise splunk but cant handle it.
I have configured also splunk app for infrastructure and i have added the host to be monitored . The logs are send to one of the HEC which is configured for em_metrics but i want to add additinal configuration on the universal forwarder to monitor some logs.
I can collect logs but over the splunk`s input on 9997/tcp . I want to reach it over the additianal HEC which i already have created on the enterprise instance.
Can you give me some example how to configure proper inputs.conf and outputs.conf to be send to my HEC.

0 Karma
1 Solution

renjith_nair
SplunkTrust
SplunkTrust

@smstoyanov ,

For http event collector, you have to configure the .conf files in $SPLUNK_HOME/etc/apps/splunk_httpinput/local/

Please refer here for all the details you need for configuring it
Using .conf file : http://dev.splunk.com/view/event-collector/SP-CAAAE6Q
Using CLI : http://docs.splunk.com/Documentation/Splunk/7.1.2/Data/UseHECfromtheCLI
Using web : http://docs.splunk.com/Documentation/Splunk/7.1.2/Data/UsetheHTTPEventCollector

View solution in original post

0 Karma

renjith_nair
SplunkTrust
SplunkTrust

@smstoyanov ,

For http event collector, you have to configure the .conf files in $SPLUNK_HOME/etc/apps/splunk_httpinput/local/

Please refer here for all the details you need for configuring it
Using .conf file : http://dev.splunk.com/view/event-collector/SP-CAAAE6Q
Using CLI : http://docs.splunk.com/Documentation/Splunk/7.1.2/Data/UseHECfromtheCLI
Using web : http://docs.splunk.com/Documentation/Splunk/7.1.2/Data/UsetheHTTPEventCollector

View solution in original post

0 Karma
Take the 2021 Splunk Career Survey

Help us learn about how Splunk has
impacted your career by taking the 2021 Splunk Career Survey.

Earn $50 in Amazon cash!