Splunk® Supported Add-ons

Splunk Add-on for AWS

Steps to configure the Amazon Kinesis Firehose on a paid Splunk Cloud deployment

Follow these steps to configure the Amazon Kinesis Firehose in your paid Splunk Cloud deployment.

If your paid Splunk Cloud deployment has a search head cluster, you will need additional assistance from Splunk Support to perform this configuration. See Paid Splunk Cloud with a search head cluster.

If your paid Splunk Cloud instance does not have a search head cluster, follow this procedure.

  1. Decide what index you want to use to collect your Amazon Kinesis Firehose data. Ensure that this index is enabled and active. Sending data to a disabled or deleted index results in dropped events. If you need to create a new index, see Manage Splunk Cloud Platform indexes.
  2. Install the add-on to your Splunk Cloud deployment. For Splunk Cloud Classic stacks, submit a case on the Splunk Support Portal. In the case, ask Splunk Support to enable HTTP Event Collector (HEC) and create or modify an elastic load balancer to use with this add-on. For Splunk Cloud Victoria stacks, a Firehose HEC elastic load balancer is automatically provisioned. For step-by-step instructions, see Install apps in your Splunk Cloud deployment.
  3. Wait for Splunk Support to perform the necessary setup and confirm with you once the HTTP event collector is enabled and your elastic load balancer is ready for use. Splunk Support will confirm the URL that you should use for your HTTP event collector endpoint. It should match this format: https://http-inputs-firehose-<your unique cloud hostname here>.splunkcloud.com:443.
  4. Create an HTTP event collector token with indexer acknowledgments enabled. For step-by-step instructions, see Configure HTTP Event Collector on Splunk Cloud. During the configuration:
    1. Specify a Source type for your incoming data. See Source types supported for Amazon Kinesis Firehose by this add-on.
    2. Select the Index to which Amazon Kinesis Firehose will send data.
    3. Check the box next to Enable indexer acknowledgement.
  5. Save the token that Splunk Web provides. You need this token when you configure Amazon Kinesis Firehose.
  6. Repeat steps 4, 5, and 6 for each source type from which you want to collect data. Each source type requires a unique HTTP event collector token.
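
The following preflight check is an added example, not code from Splunk or the add-on. It verifies that the endpoint URL matches the format given in step 3 and that each source type has its own GUID-formatted HEC token before the values are entered in Amazon Kinesis Firehose. The function names, the stack name, the tokens and the source type keys are constructed sample values.

```python
import re
import uuid
from urllib.parse import urlsplit

# Host format from step 3. The characters allowed in the stack name are an assumption.
HOST_RE = re.compile(r"^http-inputs-firehose-[a-z0-9][a-z0-9-]*\.splunkcloud\.com$")


def check_endpoint(url):
    """Return a list of problems with the HEC endpoint URL (empty when it is fine)."""
    problems = []
    parts = urlsplit(url)
    try:
        port = parts.port or 443  # no explicit port means the https default
    except ValueError:
        port = None  # port present but not a valid number
    if parts.scheme != "https":
        problems.append("endpoint must use https")
    if not HOST_RE.match(parts.hostname or ""):
        problems.append("host is not http-inputs-firehose-<stack>.splunkcloud.com")
    if port != 443:
        problems.append("port must be 443")
    return problems


def check_tokens(tokens_by_sourcetype):
    """Step 6: every source type needs its own token. Messages never echo a token."""
    problems, owner = [], {}
    for sourcetype, token in tokens_by_sourcetype.items():
        try:
            key = str(uuid.UUID(token))  # HEC tokens are GUIDs; normalize case
        except ValueError:
            problems.append(f"{sourcetype}: token is not a GUID")
            continue
        if key in owner:
            problems.append(f"{sourcetype}: shares a token with {owner[key]}")
        owner.setdefault(key, sourcetype)
    return problems


if __name__ == "__main__":
    # Constructed sample values, not real tokens or a real stack.
    endpoint = "https://http-inputs-firehose-examplestack.splunkcloud.com:443"
    tokens = {
        "aws:firehose:json": "11111111-2222-3333-4444-555555555555",
        "aws:cloudwatchlogs:vpcflow": "11111111-2222-3333-4444-555555555555",
    }
    for problem in check_endpoint(endpoint) + check_tokens(tokens):
        print("FAIL:", problem)
```

Run as written, the sample reports the reused token by source type name only, so the token value itself never reaches logs or terminal history.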

Next step: Configure Amazon Kinesis Firehose to send data to the Splunk platform

Last modified on 27 February, 2023

This documentation applies to the following versions of Splunk® Supported Add-ons: released
