Splunk® Supported Add-ons

Splunk Add-on for Amazon Kinesis Firehose

Download manual as PDF

Download topic as PDF

Configure HTTP event collector for the Splunk Add-on for Amazon Kinesis Firehose on a single-instance Splunk Enterprise deployment

Prerequisite

Steps

  1. Decide what index you want to use to collect your Amazon Kinesis Firehose data. Ensure that this index is enabled and active. Sending data to a disabled or deleted index results in dropped events. If you need to create a new index, see Create custom indexes in Managing Indexers and Clusters of Indexers.
  2. Go to Settings > Data inputs > HTTP Event Collector click Global Settings.
  3. Check the box next to Enable SSL, then click Save.
  4. Create an HTTP event collector token with indexer acknowledgments enabled. For a detailed walkthrough, see Set up and use the HTTP Event Collector in Getting Data In. During the configuration:
    1. Specify a Source type for your incoming data. See Source types for the Splunk Add-on for Amazon Kinesis Firehose for the source types supported by this add-on.
    2. Select an Index to which Firehose will send data.
    3. Check the box next to Enable indexer acknowledgement.
  5. Save the token that Splunk Web provides. You need this token when you configure Amazon Kinesis Firehose.
  6. Repeat steps 4 and 5 for each additional source type from which you want to collect data. Each source type requires a unique HTTP event collector token.

Next step
Configure Amazon Kinesis Firehose to send data to the Splunk platform

PREVIOUS
Install the Splunk Add-on for Amazon Kinesis Firehose on a single-instance Splunk Enterprise deployment
  NEXT
Configure Amazon Kinesis Firehose to send data to the Splunk platform

This documentation applies to the following versions of Splunk® Supported Add-ons: released


Was this documentation topic helpful?

Enter your email address, and someone from the documentation team will respond to you:

Please provide your comments here. Ask a question or make a suggestion.

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters