O'Reilly logo

Splunk 7 Essentials - Third Edition by Betsy Page Sigman, Erickson Delgado, J-P Contreras

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Indexer acknowledgement

Indexer acknowledgement is an additional functionality of the Splunk HEC. In the previous examples, after submitting the cURL command, Splunk would return a success message. However, such a message just confirms the event was received. It does not confirm that the event was actually indexed by Splunk. This is where the indexer acknowledgement functionality adds value.

If some or all of your HEC events are required to be captured, using HEC indexer acknowledgement will allow for checking indexing success and resending events which fail to index.

Indexer acknowledgement is configured at an HEC token level. Therefore, some tokens can include the acknowledgement functionality while others may not.

To edit the token you ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required