Splunk® Supported Add-ons

Splunk Add-on for Linux


Configure HEC inputs for the Splunk Add-on for Linux

HTTP Event Collector (HEC) is an endpoint that lets you send application events to your Splunk deployment using the HTTP or Secure HTTP (HTTPS) protocols. collectd sends data to the Splunk Add-on for Linux in JSON format.

Paid Splunk Cloud customers must open a ticket with Splunk Support to enable HEC.

Configure HEC inputs for Linux using Splunk Web

  1. Click Settings > Data Inputs > HTTP Event Collector.
  2. Define a new data input and set the source type to linux:collectd:http:json. The mapping and dashboard panels for Splunk IT Service Intelligence (ITSI) depend on this source type.

For more information on how to configure data inputs, see Configure your inputs.

For more detailed guidelines on how to configure HEC inputs, see Set up and use HTTP Event Collection.

If you need to validate your data input configuration, see Validate data collection.

Configure HEC inputs to use metrics data

If you want to collect metrics data, you must configure Splunk to index metrics and configure the HEC inputs to use the metrics source type. You can do this by either editing the props.conf file directly, or by setting the source type in Splunk Web.

For more information on how to configure data inputs, see Configure your inputs.

If you need to validate your data input configuration, see Validate data collection.

Edit the props.conf file to set the metrics source type

  1. Configure Splunk to create the metrics indexes. See Create metrics indexes.
  2. Add the following stanza to $SPLUNK_HOME/etc/apps/Splunk_TA_Linux/local/props.conf:
    [linux:collectd:http:metrics]
    METRICS_PROTOCOL = COLLECTD_HTTP
  3. Restart Splunk.
  4. Go to Splunk Web.
  5. Click Settings > Data Inputs > HTTP Event Collector.
  6. Define a new data input and set the source type to linux:collectd:http:metrics. The mapping and dashboard panels for Splunk IT Service Intelligence (ITSI) depend on this source type.
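
A mistyped stanza name or value in step 2 is easy to miss, so the stanza is worth checking before the restart in step 3. The following is an added example, not part of the Splunk documentation or the add-on: a small Python check that parses props.conf text and compares it with the stanza in step 2. The function names and sample files are hypothetical, and the check assumes the stanza name and setting must match step 2 exactly as written.

```python
import re

STANZA = "linux:collectd:http:metrics"            # source type from step 2
REQUIRED = {"METRICS_PROTOCOL": "COLLECTD_HTTP"}  # setting from step 2

def parse_conf(text):
    """Parse .conf text into {stanza: {key: value}}; a repeated key keeps its last value."""
    stanzas, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue                      # blank line or comment
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = stanzas.setdefault(header.group(1), {})
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return stanzas

def check_metrics_stanza(text):
    """Return a list of problems; an empty list means the stanza matches step 2."""
    stanzas = parse_conf(text)
    if STANZA not in stanzas:
        # Assumption: names must match exactly, so report a case/spacing near miss.
        close = [s for s in stanzas if s.strip().lower() == STANZA]
        hint = f" (found near miss [{close[0]}])" if close else ""
        return [f"missing stanza [{STANZA}]{hint}"]
    problems = []
    for key, want in REQUIRED.items():
        got = stanzas[STANZA].get(key)
        if got is None:
            problems.append(f"{key} is not set")
        elif got != want:
            problems.append(f"{key} = {got!r}, expected {want!r}")
    return problems

# Constructed sample files, not taken from a real deployment.
GOOD = """# local/props.conf
[linux:collectd:http:metrics]
METRICS_PROTOCOL = COLLECTD_HTTP
"""
BAD_VALUE = "[linux:collectd:http:metrics]\nMETRICS_PROTOCOL = COLLECTD\n"
BAD_NAME = "[Linux:collectd:http:metrics]\nMETRICS_PROTOCOL = COLLECTD_HTTP\n"

if __name__ == "__main__":
    for name, text in [("GOOD", GOOD), ("BAD_VALUE", BAD_VALUE), ("BAD_NAME", BAD_NAME)]:
        print(name, check_metrics_stanza(text) or "ok")
```

To check a real file, pass the contents of $SPLUNK_HOME/etc/apps/Splunk_TA_Linux/local/props.conf to check_metrics_stanza.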

Use Splunk Web to set the metrics source type

See Get metrics in from collectd.

Last modified on 21 July, 2021

This documentation applies to the following versions of Splunk® Supported Add-ons: released

