HTTP Event Collector (HEC) is a method for sending event data over HTTP or HTTPS directly to a receiver, typically in JSON format. It's commonly used for real-time ingestion of data from various sources for indexing and analysis purposes. The use of HTTPS ensures secure transmission of the data.

HEC can be either a data source or a data sink.

HEC as a Data Source

We add data sources from the Platform Configuration page.

Step One: Add the Data Source

Each column of the Platform Configuration as a button on the bottom. To start we by clicking "Add Data Source" on the bottom of the first column.

This will open up a panel for configuring the properties needed to connect.

Step Two: Select the HTTP as the type of Data Source

When you first click on the "Add Data Source", a panel on the left appears. The "API Plugin" Appears first. We need to change this to "HTTPs Event Collector."

Once we select the HEC, the panel will display the properties form that needs to be completed.

Step Three: Properties Values

The form properties are:

• Name: This is the name of the Data Sink in Fluency.
• Format: This the type of data inside the HEC.
  • JSON: JavaScript Object Notation.
  • Text: Raw character stream.
  • Syslog: System Log Protocol.
• Enable Indexer: Some HEC senders require acknowledgement of the send. Click this option if this is the case.
• Receiver Name:
• Properties of JSON
• Tags

Step Four: Save and Connect to Router

Remember to save the configuration.

Next you will need to create a router. Routers are used to transform, enrich, and route the data to sink. The choice of the format will determine how the router parses the data.