Splunk HEC
Use this output type to send NFO data to Splunk HEC input.
warning
Make sure that Splunk HEC Indexer Acknowledgement is disabled on Splunk side. For details, visit https://docs.splunk.com/Documentation/Splunk/9.4.0/Data/AboutHECIDXAck
| Parameter | Description |
|---|---|
| Protocol | HTTP or HTTPS |
| Address | Destination IP address where NFO sends events for Splunk HEC |
| Port | Destination port number |
| Access token | Splunk HEC Access token |
| Max batch size | Buffer size in bytes. When the number of bytes in the buffer reached its size NFO data is pushed out |
| Flush timeout | Time in msec when NFO data is sent out, even if the batch size is not reached its maximum |