When you use HEC to collect data, the Splunk platform sends de-identified usage data ingested through HEC from Splunk add-ons, apps, and connectors to Splunk. This data is used to target pain points and improve functionality in future releases. For information about how this data is collected, stored, and governed, see Share data in Splunk Enterprise.
Types of data collected
deployment.httpEventCollector
determines data usage by aggregating the following information:
Data collected | Field name |
---|---|
The name of the add-on, app, or connector | app
|
Number of bytes ingested | bytes
|
The version of the add-on, app, or connector | version
|
For example:
data: { [-] app: stream333 bytes: 50 version: 3.1
Telemetry data for HEC is collected by default, and you can opt out of data sharing at any time. See How to opt out.
Components
HEC telemetry collects the following information:
Component | Description | Example |
---|---|---|
deployment.httpEventCollector
|
Tracks the amount of data that is processed through HEC for an add-on, app, or connector. | { [-] app: component: deployment.httpEventCollector data: { [-] app: stream333 bytes: 50 version: 3.1 } deploymentID: 18393d55-3552-546c-a5ab-61a96a04ae04 eventID: 367E743C-D629-4B25-B46A-78447116F3A4 executionID: 319FB159-0B47-4CA0-B29D-4CD0EDDF0DCF optInRequired: 1 timestamp: 1586974636 type: event userID: 574f5debd4e54c49ef018a6e1bde0379df499a23a865ab83e8d23d1170256f40 visibility: [ [-] anonymous support ] } |
Monitor Windows network information | Set up and use HTTP Event Collector in Splunk Web |
This documentation applies to the following versions of Splunk Cloud Platform™: 9.3.2408, 9.0.2205, 9.0.2208, 8.2.2112, 8.2.2201, 8.2.2202, 8.2.2203, 9.0.2209, 9.0.2303, 9.0.2305, 9.1.2308, 9.1.2312, 9.2.2403, 9.2.2406 (latest FedRAMP release)
Feedback submitted, thanks!