Configure HTTP event collector for the Amazon Kinesis Firehose on a single-instance Splunk Enterprise deployment
Install the Splunk Add-on for Amazon Web Services on a single-instance Splunk Enterprise deployment.
For optimal performance, set
ackIdleCleanup to true in
inputs.conf located in
$SPLUNK_HOME/etc/apps/splunk_httpinput/local/inputs.conf for *nix users and
%SPLUNK_HOME%\etc\apps\splunk_httpinput\local\inputs.conf for Windows users.
- Decide what index you want to use to collect your Amazon Kinesis Firehose data. Ensure that this index is enabled and active. Sending data to a disabled or deleted index results in dropped events. If you need to create a new index, see Create custom indexes in Managing Indexers and Clusters of Indexers.
- Go to Settings > Data inputs > HTTP Event Collector click Global Settings.
- Check the box next to Enable SSL, then click Save.
- Create an HTTP event collector token with indexer acknowledgments enabled. For a detailed walkthrough, see Set up and use the HTTP Event Collector in Getting Data In. During the configuration:
- Specify a Source type for your incoming data. See Source types for the Splunk Add-on for Amazon Kinesis Firehose for the source types supported by this add-on.
- Select an Index to which Firehose will send data.
- Check the box next to Enable indexer acknowledgement.
- Save the token that Splunk Web provides. You need this token when you configure Amazon Kinesis Firehose.
- Repeat steps 4 and 5 for each additional source type from which you want to collect data. Each source type requires a unique HTTP event collector token.
Next Step Configure Amazon Kinesis Firehose to send data to the Splunk platform
Steps to configure the Amazon Kinesis Firehose on a single-instance Splunk Enterprise deployment
Configure Amazon Kinesis Firehose to send data to the Splunk platform
This documentation applies to the following versions of Splunk® Supported Add-ons: released
Feedback submitted, thanks!