Create an HTTP Event Collector (HEC)
- Marcel Scherer (Deactivated)
- Stephen Bangs
For establishing a connection between the SAP system and Splunk an HTTP Event Collector (HEC) must be created within Splunk. In order to create the HEC…
Click on “Settings”, then on “Data Inputs”.
Create a new HTTP Event Collector by clicking on “+ Add new”.
Provide a valid and reasonable name identifying the HEC.
Leave all other settings in default values and press “Next”.
Choose the index you created one step before as an input source.
Verify settings and “Submit” them.
Note the value of the token that has been created. It will be needed in a setting later.
Check successful creation.
If you have different staff for administering Splunk and SAP Basis, hand-over the following values to the SAP Basis team or your service provider:
Parameter | Value | Comment |
|---|---|---|
HEC Index Name | sap (or custom) |
|
HEC Token | <value> | Token value as mentioned above. |
HEC Endpoint URL | http://<Splunk Hostname> | for a non-SSL setup. |
HEC Enpoint URL SSL | https://<Splunk Hostname> | for an SSL setup. |
TCP Port | 8088 (Splunk Enterprise default) 443 (Splunk Cloud default) | If a different port is configured, please use this one. |
SSL Certificate | corresponding *.CER-file | Only if an SSL setup is intended. |
If you use an SSL encrypted connection you probably need to follow these steps for configuring SSL. Otherwise the next step would be to create a role allowing you to access the index we created before.