Security
Highlighted

HEC token management for HA

Motivator

Hi Splunkers,

We have a distributed environment with 2SH, 2 indexers and 1 master.
We need to set up HEC with HA. Currently my HEC is available on my indexers.
I would like to know if the indexers are restarted will there be data loss ?

Also what factors to be considered for security?

Below is a similar question :
https://answers.splunk.com/answers/424299/architecting-ha-in-a-small-hec-http-event-collecto.html
Any help would be appreciated!
Thanks in advance.

0 Karma
Highlighted

Re: HEC token management for HA

SplunkTrust
SplunkTrust

Hi @deepashri_123,

Based on documentation http://dev.splunk.com/view/event-collector/SP-CAAAE73, Note: Using HTTP Event Collector in a distributed deployment is incompatible with indexer clustering. Specifically, cluster peers are not supported as deployment clients.

So in this case you require Heavy Forwarders and setup HEC on those machines.

0 Karma