Search icon CANCEL
Subscription
0
Cart icon
Your Cart (0 item)
Close icon
You have no products in your basket yet
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Free Learning
Arrow right icon
Arrow up icon
GO TO TOP
Splunk 9.x Enterprise Certified Admin Guide

You're reading from   Splunk 9.x Enterprise Certified Admin Guide Ace the Splunk Enterprise Certified Admin exam with the help of this comprehensive prep guide

Arrow left icon
Product type Paperback
Published in Aug 2023
Publisher Packt
ISBN-13 9781803230238
Length 256 pages
Edition 1st Edition
Tools
Arrow right icon
Author (1):
Arrow left icon
Srikanth Yarlagadda Srikanth Yarlagadda
Author Profile Icon Srikanth Yarlagadda
Srikanth Yarlagadda
Arrow right icon
View More author details
Toc

Table of Contents (17) Chapters Close

Preface 1. Part 1: Splunk System Administration
2. Chapter 1: Getting Started with the Splunk Enterprise Certified Admin Exam FREE CHAPTER 3. Chapter 2: Splunk License Management 4. Chapter 3: Users, Roles, and Authentication in Splunk 5. Chapter 4: Splunk Forwarder Management 6. Chapter 5: Splunk Index Management 7. Chapter 6: Splunk Configuration Files 8. Chapter 7: Exploring Distributed Search 9. Part 2:Splunk Data Administration
10. Chapter 8: Getting Data In 11. Chapter 9: Configuring Splunk Data Inputs 12. Chapter 10: Data Parsing and Transformation 13. Chapter 11: Field Extractions and Lookups 14. Chapter 12: Self-Assessment Mock Exam 15. Index 16. Other Books You May Enjoy

Understanding HEC input

HEC is an agentless input type that doesn’t require a forwarder on the source machine. This input type is suitable for sources that are capable of sending events over HTTP(S), such as web apps (through JavaScript libraries), mobile apps, and automation scripts. HEC exposes RESTful API endpoints on the Splunk Enterprise instance to accept data for indexing. The instance could be an HF/indexer in a distributed deployment. Let’s look at the key facts about HEC input:

  • HEC is disabled by default on Splunk instances, and the user must enable it manually to start using it. HEC can be scaled by configuring it across multiple Splunk instances and optionally fronting it with a load balancer.
  • Authentication to HEC APIs is done via a token supplied in the HTTP request sent by the source. The token configuration is set up by the administrator and shared with the application/source team for them to send over the events.
  • HEC exposes two important...
lock icon The rest of the chapter is locked
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Renews at $19.99/month. Cancel anytime
Banner background image