To receive HTTP POST messages in Splunk, we need to create a Splunk HTTP Event Collector token.
To create an index for this token, see "Create a Splunk index".
- In the Settings menu select Data Inputs
- Select the HTTP Event Collector link
- Click the New Token button
- Enter a name and description for the token and click the Next button
- Select the index to store the events in, set it as the default index, and click the Review button
- Click the Submit button to create the token
- The confirmation screen shows the token. You will be able to see it again on the token list page. Click the Start Searching button to get the search statement that shows the events collected by this token.
- You can always search for the events with:
source="http:MY_INPUT" (index="MY_INDEX")
- The HTTP Event Collector token list shows the token.
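
To confirm the new token accepts events, the following added example (not part of the original page) builds and sends one test event to the HTTP Event Collector. The host name, port 8088 and the all-zero token are assumed placeholders; replace them with your own values and MY_INDEX with the index selected above.

```python
import json
import ssl
import urllib.request
import uuid

# Assumed placeholders, not values from the page: replace with your own.
HEC_URL = "https://splunk.example.com:8088/services/collector/event"
HEC_TOKEN = "00000000-0000-0000-0000-000000000000"  # constructed placeholder


def build_hec_request(url, token, event, index=None, sourcetype=None):
    """Build (but do not send) a POST request for the HEC event endpoint."""
    if not url.lower().startswith("https://"):
        # The token is a bearer credential; refuse to send it over plain HTTP.
        raise ValueError("HEC URL must use https")
    # Tokens generated in Splunk Web are GUIDs; this catches copy/paste damage.
    uuid.UUID(token)
    payload = {"event": event}
    if index:
        payload["index"] = index  # must be an index the token may write to
    if sourcetype:
        payload["sourcetype"] = sourcetype
    return urllib.request.Request(
        url,
        data=json.dumps(payload).encode("utf-8"),
        headers={"Authorization": f"Splunk {token}",
                 "Content-Type": "application/json"},
        method="POST",
    )


def send_hec_event(request, cafile=None, timeout=10):
    """Send with certificate verification enabled; return the parsed reply."""
    context = ssl.create_default_context(cafile=cafile)
    with urllib.request.urlopen(request, timeout=timeout,
                                context=context) as resp:
        return json.loads(resp.read().decode("utf-8"))


if __name__ == "__main__":
    req = build_hec_request(HEC_URL, HEC_TOKEN,
                            {"message": "HEC token test"}, index="MY_INDEX")
    print(send_hec_event(req))
```

If Splunk uses a certificate from a private CA, pass that CA file as `cafile` rather than turning verification off. Once the event is accepted, it appears under the search statement shown above.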