Which statements are true regarding HEC (HTTP Event Collector) tokens? (Select all that apply.)
Which statements are true regarding HEC (HTTP Event Collector) tokens? (Select all that apply.)
Multiple tokens can indeed be created for use with different sourcetypes and indexes, allowing for more granular data collection and control. The edit token http admin role capability is required to create a token, as this aligns with the necessary permissions needed to manage HTTP Event Collector settings and operations according to the Splunk documentation. The other options discussing specific endpoints for creating or editing tokens are incorrect in this context.
Answer is AD. To create a token, is used the "data/inputs/http" endpoint
It's ABD. A - Splunk does not limit indexes or sourcetypes in token creation. B - It's correct according to the documentation(edit_token_http): https://docs.splunk.com/Documentation/Splunk/8.2.6/Security/Rolesandcapabilities D - Splunl allows you to update tokens through this endpoint: https://docs.splunk.com/Documentation/Splunk/8.2.6/Data/HECRESTendpoints