Security

HEC token management for HA

deepashri_123
Motivator

Hi Splunkers,

We have a distributed environment with 2SH, 2 indexers and 1 master.
We need to set up HEC with HA. Currently my HEC is available on my indexers.
I would like to know if the indexers are restarted will there be data loss ?

Also what factors to be considered for security?

Below is a similar question :
https://answers.splunk.com/answers/424299/architecting-ha-in-a-small-hec-http-event-collecto.html
Any help would be appreciated!
Thanks in advance.

0 Karma

harsmarvania57
SplunkTrust
SplunkTrust

Hi @deepashri_123,

Based on documentation http://dev.splunk.com/view/event-collector/SP-CAAAE73, Note: Using HTTP Event Collector in a distributed deployment is incompatible with indexer clustering. Specifically, cluster peers are not supported as deployment clients.

So in this case you require Heavy Forwarders and setup HEC on those machines.

0 Karma
Get Updates on the Splunk Community!

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

Splunk is officially part of Cisco

Revolutionizing how our customers build resilience across their entire digital footprint.   Splunk ...

Splunk APM & RUM | Planned Maintenance March 26 - March 28, 2024

There will be planned maintenance for Splunk APM and RUM between March 26, 2024 and March 28, 2024 as ...