HTTP Event Collector (HEC) configuration reference
The HTTP Event Collector (HEC) lets you send data and application events to your Splunk platform deployment over the HTTP and Secure HTTP (HTTPS) protocols. Data Manager creates HEC tokens for each of the following data sources:
|Data Source||HEC token name|
|AWS Security Hub|
|AWS IAM Access Analyzer|
|AWS IAM credential reports and metadata|
|Azure Active Directory|
|Azure Activity Logs|
|Google Cloud Platform|
<input_id>in each token is a placeholder. It will be replaced by a real input id. For example,
- Check if the HEC token has been created successfully. Each HEC token name has a Data Manager input ID in it. You can find the
input_idfrom the URL in the Data Input Details page for that input.
- Check if the HEC token is in enabled state. If it is disabled, enable it.
- For CloudTrail, GuardDuty, SecurityHub, IAM Access Analyzer, and CloudWatch Logs, the HEC token must have indexer acknowledgement enabled.
- If any HEC token is missing for an input, delete the input. To learn more about deleting an input, see the Delete Your Data Inputs chapter in this manual.
GCP Inputs Health
Version management in Data Manager
This documentation applies to the following versions of Data Manager: 1.7.0