How data flows to the HEC?

Let's begin by looking at how data flows to the HEC. This is a multi-step process that is important to understand before we go deeper.

Logging in data

First, data needs to be logged in, but before that it needs to be packaged from the source, which can be done in a number of different ways. These are listed as follows:

A Splunk logging library, such as Splunk logging for Java or Splunk logging for .NET
Another agent, such as a JavaScript request library
The Java Apache HTTP client
And lastly, some other client, as long as it will appropriately package the event data in JSON format

Before going further, let's review what the JSON format means. A couple of examples of key-value pairs in JSON format are shown here. The key is ...

Get Splunk: Enterprise Operational Intelligence Delivered now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Splunk: Enterprise Operational Intelligence Delivered by Betsy Page Sigman, Erickson Delgado, Josh Diakun, Paul R Johnson, Derek Mock, Ashish Kumar Tulsiram Yadav

How data flows to the HEC?

Logging in data

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly