
Create an HTTP Event Collector (HEC)

To establish a connection between the SAP system and Splunk, an HTTP Event Collector (HEC) must be created within Splunk. To create the HEC:

  • Click on “Settings”, then on “Data Inputs”.

  • Create a new HTTP Event Collector by clicking on “+ Add new”.

  • Provide a valid and reasonable name identifying the HEC.

  • Leave all other settings at their default values and press “Next”.

  • Choose the index you created one step before as an input source.

  • Verify settings and “Submit” them.

  • Note the value of the token that has been created. It will be needed in a setting later.

  • Check successful creation.

  • If you have different staff for administering Splunk and SAP Basis, hand over the following values to the SAP Basis team or your service provider:

| Parameter | Value | Comment |
|---|---|---|
| HEC Index Name | sap (or custom) | |
| HEC Token | <value> | Token value as mentioned above. |
| HEC Endpoint URL | http://<Splunk Hostname> | for a non-SSL setup. |
| HEC Endpoint URL SSL | https://<Splunk Hostname> | for an SSL setup. |
| TCP Port | 8088 (Splunk Enterprise default), 443 (Splunk Cloud default) | If a different port is configured, please use this one. |
| SSL Certificate | corresponding *.CER-file | Only if an SSL setup is intended. |
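
The handed-over values can be checked together before they are entered on the SAP side. The following Python code is an added example, not part of the original guide or of any Splunk or SAP tooling: it sends one test event to Splunk's `/services/collector/event` endpoint using the index, token, endpoint URL, port and certificate from the table. The function names, the test message and the default refusal to send the token over plain HTTP are assumptions of this example.

```python
import json
import ssl
import urllib.request
from urllib.parse import urlsplit

EVENT_PATH = "/services/collector/event"  # Splunk HEC JSON event endpoint


def hec_url(endpoint_url, port):
    """Combine 'HEC Endpoint URL' and 'TCP Port' from the handover table."""
    parts = urlsplit(endpoint_url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        raise ValueError("endpoint must look like http(s)://<Splunk Hostname>")
    return f"{parts.scheme}://{parts.hostname}:{int(port)}{EVENT_PATH}"


def build_request(endpoint_url, port, token, index, allow_plaintext=False):
    """Build a test event for the handed-over index, authenticated by the token."""
    url = hec_url(endpoint_url, port)
    if url.startswith("http://") and not allow_plaintext:
        # Non-SSL setup: the token would cross the network unencrypted.
        raise ValueError("refusing to send the HEC token over plain HTTP")
    body = json.dumps({"event": "SAP-to-Splunk HEC connectivity test",
                       "index": index}).encode()
    return urllib.request.Request(
        url, data=body, method="POST",
        headers={"Authorization": f"Splunk {token}",
                 "Content-Type": "application/json"})


def tls_context(cer_path):
    """Trust only the handed-over *.CER file, whether it is PEM or DER encoded."""
    with open(cer_path, "rb") as fh:
        raw = fh.read()
    # ssl accepts PEM as an ASCII string and DER as bytes.
    cadata = raw.decode("ascii") if raw.lstrip().startswith(b"-----BEGIN") else raw
    return ssl.create_default_context(cadata=cadata)


def send_test_event(endpoint_url, port, token, index, cer_path=None,
                    allow_plaintext=False):
    """Return Splunk's JSON reply; {"text": "Success", "code": 0} means accepted."""
    req = build_request(endpoint_url, port, token, index, allow_plaintext)
    ctx = None
    if req.full_url.startswith("https://"):
        ctx = tls_context(cer_path) if cer_path else ssl.create_default_context()
    with urllib.request.urlopen(req, context=ctx, timeout=10) as resp:
        return json.loads(resp.read())
```

Call `send_test_event("https://<Splunk Hostname>", 8088, "<value>", "sap", cer_path="<path to the *.CER-file>")` with the real handover values, then search the index in Splunk for the test message.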

 

If you use an SSL-encrypted connection, you probably need to follow these steps for configuring SSL. Otherwise, the next step would be to create a role allowing you to access the index we created before.