I am trying to figure out how to configure my cluster master to generate a token and HEC configuration information/files to my index cluster. The documentation is not clear as to how this is done. I believe, in the global settings for the token, I can configure the ouptpuGroup with the indexers in my cluster and thereby load-balancing across the bunch of them. Not sure about the configuration needed to do this.
While creating a new HEC token from the master cluster portal, the HEC token generated is located in master cluster VM in the following path= /opt/splunk/etc/apps/splunk_httpinput/local/inputs.conf.
How should we push the HEC token from master cluster to the indexer peer using Config bundle action? Should we manually copy the inputs.conf from /opt/splunk/etc/apps/splunk_httpinput/local to /opt/splunk/etc/master-apps/splunk_httpinput/local and then Validate and push the config bundle to indexer?