Splunk: What the heck is HEC (HTTP Event Collector)?
Wednesday June 28th at 1:00 PM EST
Splunk has many ways to ingest data, including file and directory monitors, scripted inputs, and it can even suck in data directly off of the network 'wire'. The HTTP Event Collector (HEC) is yet another way Splunk can ingest your data to help turn it into valuable information, and in some ways, is the most efficient way of ingestion that Splunk has.
One of HEC's unique characteristics is that it doesn't require the installation of an 'agent' or forwarder on the device generating the events. This can be very beneficial when you have an appliance that can't run the Splunk Universal Forwarder software, you don't want to put a forwarder on the box for performance reasons, or in some cases where the device or application is something you may 'rent' (like a hosted service" so you physically don't have the ability to install anything on it.
So what actually is HEC? How does it work? How do you configure it? How do you use it to ingest data? - Join us to find out!
In this 30 minute TekTalk, you'll learn about:
- What the HTTP Event Collector is (and isn't)
- How to configure HEC, including some best practices
- The benefits of using HEC over other input options
- Sample code showing how to send data to HEC
Director of Operational Intelligence, TekStreamAs Director of Operational Intelligence, Karl is a seasoned, well-rounded technologist with a passion to learn and absorb new technologies, work with business partners to understand their business needs, then identify and adapt technology to help meet those needs. He has an innate ability to speak both in business and technical terms, and to translate between the two.