Before you install a Spherical stack, you must first set up a HTTP Event Collector in your installation of Splunk.
For Splunk Enterprise or self-service Splunk Cloud, first go to 'Settings'.
Click 'Data inputs' and navigate to 'HTTP Event Collector'.
Click 'Global Settings'.
Click the Enable button, and then click Save. (For more information, see "Enable HTTP Event Collector" in the Getting Data in the Splunk manual).
Note: For managed Splunk Cloud, submit a support ticket to have the feature enabled.
Create at least one input token. You'll need this token later.
For Splunk Enterprise or self-service Splunk Cloud, click the 'Add New' button.
Proceed through the 'Add Data' workflow until you've successfully created a token. (For more information, see 'Create an Event Collector' token in the 'Getting Data In' Splunk manual).
For managed Splunk Cloud, submit a support ticket to create or manage a token.
In addition to an authorisation token, you also need a Splunk URL. This varies depending on your type of Splunk deployment.
Either HTTP or HTTPs
The Splunk instance that runs HEC
The HEC port number, which is 8088 by default, but you can change in the HEC Global Settings
The HEC endpoint you want to use. Usually this is the
Once you have got both a Splunk URL and a Token, you can go ahead and create a Spherical stack using CloudFormation.