Configure an Elastic Load Balancer for the Splunk Add-on for Amazon Web Services
If your indexers are in an AWS Virtual Private Cloud, send your Amazon Kinesis Firehose data to an Elastic Load Balancer (ELB) with sticky sessions enabled and cookie expiration disabled. Follow the directions on this page to configure an ELB that can integrate with the Splunk HTTP event collector.
If your indexers are not in an AWS Virtual Private Cloud, this procedure does not apply to you. See Install the Splunk Add-on for Amazon Web Services on a distributed Splunk Enterprise deployment.
You must use an ELB. Application load balancers and network load balancers are not supported.
Create an elastic load balancer
Follow these steps to configure your ELB properly to receive data. For more detailed information about Elastic Load Balancers, see Elastic Load Balancing Documentation in the AWS documentation.
Prerequisites Amazon Kinesis Firehose requires the HEC endpoint to be terminated with a valid CA-signed SSL certificate. Import your valid CA-signed SSL certificates to AWS Certificate Manager or AWS IAM before creating or modifying your elastic load balancer. See Configure Security Settings in the AWS documentation.
- Open the Amazon EC2 console.
- On the navigation pane, under Load balancing, select Load Balancers.
- Create a classic load balancer with the following parameters:
Field in Amazon Web Services ELB UI Value Select load balancer type Classic load balancer Load balancer name Name of your load balancer Load balancer protocol HTTPS. Use the default or change the load balancer port. Assign or select a security group The chosen security group needs to allow inbound traffic from load balancer to HTTP event collector port on indexers. Configure security settings Select your CA-signed SSL certificate that you imported in the prerequisites step. Health Check settings Ping protocol: HTTPS
Ping port: 8088
Ping path: HTTPS:8088/services/collector/health/1.0
Timeout: 5 seconds
Interval: 30 seconds
Unhealthy threshold: 2
Healthy threshold: 10
Add EC2 instances Add all indexers that you are using to index data with this add-on.
- Click Review and create, and verify in the following review page that your load balancer details are correct. After creating your elastic load balancer, modify the port configuration and the attributes as described below.
Modify an existing load balancer with the proper settings
Prerequisites An elastic load balancer that has been configured with the correct basic settings. This includes setting the load balancer protocol to HTTPS and uploading a valid CA-signed SSL certificate.
Steps From the Load balancers page in the EC2 console, select your elastic load balancer with the basic settings already configured. Modify your load balancer with the following parameters:
|Field in Amazon Web Services ELB UI||Value|
|Health Check settings||Ping protocol: HTTPS
Ping port: 8088 Ping path: HTTPS:8088/services/collector/health/1.0 Timeout: 5 seconds Interval: 30 seconds Unhealthy threshold: 2 Healthy threshold: 10
|Port configuration||Under Edit stickiness, select Enable load balancer generated cookie stickiness.
Leave the expiration period blank.
|Attributes||Under Edit idle timeout, enter 60 seconds.|
Next Step Install the Splunk Add-on for Amazon Web Services on a distributed Splunk Enterprise deployment
Select and prepare your distributed Splunk Enterprise deployment for the Splunk Add-on for Amazon Web Services
Configure HTTP event collector for the Splunk Add-on for Amazon Web Services on a distributed Splunk Enterprise deployment
This documentation applies to the following versions of Splunk® Supported Add-ons: released
Feedback submitted, thanks!