KB 018 – Splunk Setting up HTTP EC

Splunk Setting up HTTP EC

Settings > Data inputs > HTTP Event Collector. Then click the Global Settings button in the upper-right corner. This will bring up the following configuration screen for EC:

Splunk Setting up HTTP EC

Click the Enable button, and then click Save. You’ve just turned on HTTP Event
Collector.

Note: For Splunk Cloud, you can turn on HTTP Event Collector using these instructions if your account is self-service or a trial. Otherwise, file a request ticket with Splunk Support.

Now that EC is turned on, create a new HTTP Event Collector token. From the HTTP Event Collector page, click the New Token button.

The Select Source screen of the Add Data workflow appears. This is where you name and describe the EC input, specify (if you want) a source field name to give to all data accepted with
this input’s token, and optionally specify an output group (a named group of Splunk indexers).

a named group of Splunk indexer

Splunk Setting up HTTP EC

34ACC472-B7D2-4279-8244-9369D05DB9A0

Download PDF version here