Copyright © 2015 Splunk Inc.
Splunk HTTP Event Collector
HTTP Event Collector
• A new token-based JSON API for events
• Send events directly from anywhere (servers, mobile devices, IoT)
• Easy to configure / works out of the box
• Easy to secure
• Highly performant, scalable and available
How To Use
• Enable HTTP Event Collector
• Create/Get a token
• Send events to Splunk using the token
  – Use HTTP directly
    ▪ Create a POST request and set the Auth header with the token
    ▪ POST JSON in our event format to the collector
  – Use logging libraries
    ▪ Support for .NET, Java and JavaScript loggers
Sending Data
curl -v http://localhost:8088/services/collector \
  -H "Authorization: Splunk 9F7F64FC-8E3F-4D85-B7F3-F6EC5B71ED1B" \
  -d '{"event":{"uid":"hrottenberg","action":"login"}}'
A few tips
• Create tokens per app, department, component, service, etc., not per user or device, especially if you are talking about a large number (> 10000).
• Consider partitioning tokens to different indexes. This will speed up searches and make it easy to archive.
• Consider delegating token management to DevOps / Eng.
• Explicitly set allowed indexes on the token. If not set, the token can send data to any index.
• Use HTTP over HTTPS when you can. You can get about a 30% performance gain. Over plain HTTP the token in the Auth header and the events are sent unencrypted.
• Ask your devs to batch events. It greatly improves throughput.
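An added example, not part of the original slides: a Python client that applies the per-app token, explicit index and batching tips by building one POST whose body is several event objects back to back, which is the batch form the collector accepts. The host name, app names, tokens and index names are constructed placeholders.

```python
import json
import urllib.request

# Constructed placeholders (assumptions, not values from the slides).
HEC_URL = "https://splunk.example.com:8088/services/collector"
APP_TOKENS = {
    # One token per app/service, each tied to its own index.
    "web-frontend": {"token": "00000000-0000-0000-0000-000000000001", "index": "app_web"},
    "billing": {"token": "00000000-0000-0000-0000-000000000002", "index": "app_billing"},
}


def build_batch(events, index):
    """Serialize events into one batch body: JSON objects back to back."""
    return "".join(
        json.dumps({"event": e, "index": index}, separators=(",", ":"))
        for e in events
    )


def build_request(app, events, url=HEC_URL):
    """Build (but do not send) a single POST carrying every event for app."""
    cfg = APP_TOKENS[app]  # KeyError for an unknown app: no shared fallback token
    body = build_batch(events, cfg["index"]).encode("utf-8")
    return urllib.request.Request(
        url, data=body, method="POST",
        headers={"Authorization": "Splunk " + cfg["token"],
                 "Content-Type": "application/json"},
    )


def split_batch(body):
    """Decode a batch body back into its event objects, to check it."""
    decoder, pos, out = json.JSONDecoder(), 0, []
    while pos < len(body):
        obj, pos = decoder.raw_decode(body, pos)
        out.append(obj)
    return out


if __name__ == "__main__":
    sample = [{"uid": "hrottenberg", "action": "login"},    # constructed events
              {"uid": "hrottenberg", "action": "logout"}]
    req = build_request("web-frontend", sample)
    print(req.get_method(), req.full_url)
    print(split_batch(req.data.decode("utf-8")))
    # To send for real: urllib.request.urlopen(req, timeout=5)
```

The index named in each event is only a request; the allowed-indexes setting on the token is what stops a token from writing elsewhere.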
Scale and High Availability
[Diagram: Indexers; Search Head / Deployment Server]
Scale and High Availability
[Diagram: Event Collectors, Indexers, Search Heads]
Distributed deployment
HTTP Event Collector can scale to meet your needs!
• Built into splunkd, nothing special to install
• Run directly on the indexer
• Or run on a dedicated Collector instance and forward to an indexer
• Uses Deployment Server to sync tokens across the Collector instances
Resources
Documentation: http://dev.splunk.com/view/event-collector/SP-CAAAE6M
Blog: http://blogs.splunk.com/2015/10/06/http-event-collector-your-direct-event-pipe-to-splunk-6-3