Skip to content

Configure an Elastic Load Balancer for the Splunk Add-on for Amazon Web Services

If your indexers are in an AWS Virtual Private Cloud, send your Amazon Kinesis Firehose data to an Elastic Load Balancer (ELB) with sticky sessions enabled and cookie expiration disabled. Perform the following procedures to configure an ELB that can integrate with the Splunk HTTP event collector.

This procedure does not apply if your indexers are not in an AWS Virtual Private Cloud. See Install the Splunk Add-on for Amazon Web Services on a distributed Splunk Enterprise deployment.

Create an Elastic Load Balancer

Follow these steps to configure your ELB properly to receive data. For more detailed information about Elastic Load Balancers, see https://docs.aws.amazon.com/elasticloadbalancing/ in the AWS documentation.

Prerequisites Amazon Kinesis Firehose requires the HEC endpoint to be terminated with a valid CA-signed SSL certificate. Import your valid CA-signed SSL certificates to AWS Certificate Manager or AWS IAM before creating or modifying your elastic load balancer. See https://docs.aws.amazon.com/elasticloadbalancing/latest/classic/elb-create-https-ssl-load-balancer.html?icmpid=docs_elb_console#config-backend-auth in the AWS documentation.

  1. Open the Amazon EC2 console.
  2. On the navigation pane, under Load balancing, select Load Balancers.

  3. Create a classic load balancer with the following parameters:

    Field in Amazon Web Services ELB UI Value
    Select load balancer type Classic load balancer.
    Load balancer name Name of your load balancer.
    Load balancer protocol HTTPS. Use the default or change the load balancer port.
    Assign or select a security group The chosen security group needs to allow inbound traffic from load balancer to HTTP event collector port on indexers.
    Configure security settings Select your CA-signed SSL certificate that you imported in the prerequisites step.
    Health Check settings Ping protocol: HTTPS
    Ping port: 8088
    Ping path: HTTPS:8088/services/collector/health/1.0
    Timeout: 5 seconds
    Interval: 30 seconds
    Unhealthy threshold: 2
    Healthy threshold: 10
    Add EC2 instances Add all indexers that you are using to index data with this add-on.

  4. Click Review and create, and verify in the following review page that your load balancer details are correct. After creating your elastic load balancer, modify the port and the attributes as described in the following procedure.

Modify an existing load balancer with the proper settings

Prerequisites Before proceeding, ensure you have configured an Elastic Load Balancer with the protocol set to HTTPS and have uploaded a valid CA-signed SSL certificate.

  1. From the Load balancers page in the EC2 console, select your Elastic Load Balancer with the basic settings already configured.
  2. Modify your load balancer with the following parameters:
Field in Amazon Web Services ELB UI Value
Health Check settings Ping protocol: HTTPS
Ping port: 8088
Ping path: HTTPS:8088/services/collector/health/1.0
Timeout: 5 seconds
Interval: 30 seconds
Unhealthy threshold: 2
Healthy threshold: 10
Port configuration Under Edit stickiness, select Enable load balancer generated cookie stickiness. Leave the expiration period blank.
Attributes Under Edit idle timeout, enter 60 seconds.