Activate the HEC receiver on your Edge Processor

Configure your Edge Processor to support incoming data that is transmitted through HEC.

The following instructions mention only the settings that are required for receiving HEC data. For information about other Edge Processor settings, see Add an Edge Processor.

  1. In the Edge Processor service, navigate to the Edge Processors page.
  2. To access the receiver settings, do one of the following:
    • If you want to configure an existing Edge Processor, find the row that lists that Edge Processor. Then, select the Actions icon (Image of the Actions icon) and select Edit Edge Processor.
    • If you want to configure a new Edge Processor, select New Edge Processor.
  3. In the Receive data from these inputs section, select HTTP Event Collector.
  4. If you want to use TLS or mTLS to secure communications between this Edge Processor and the data sources that are sending data to it, then do the following:
    1. In the HTTP Event Collector section, select your preferred type of connection protocol.
    2. If you choose to use mTLS for your input, upload PEM files containing the certificates for proving the Edge Processor's identity in the Server private key, Server certificate, and CA certificates fields.
    3. If you choose to use TLS for your data input, upload PEM files containing the certificates for proving the Edge Processor's identity in the Server private key, and Server certificate fields.
      Note: The Edge Processor uses the same PEM files to prove its identity to all data sources where TLS or mTLS is used. For example, if you select both Splunk forwarders and HTTP Event Collector as data inputs and use TLS or mTLS with these inputs, then the Edge Processor uses the same server-side PEM files when receiving data from forwarders and HEC data sources.
  5. Select Save.

The Edge Processor can now receive data from HTTP clients and logging agents using HEC. Next, you can configure HEC token authentication in your Edge Processor to secure your HEC receiver or move on to configure your HTTP clients and logging agents to send data to the Edge Processor.