Kong logs (2 Zones, 4 Servers --> Splunk)

In your setup, each zone has its own shared DB:

  • Zone A (A1 & A2) → DB-A
  • Zone B (B1 & B2) → DB-B

That implies:

  • The plugin must be configured in both DBs (once per zone).
  • Because the nodes in a zone share one DB, enabling the plugin through the Admin API on one node in each zone is enough.

✅ What You Should Do:

  1. Run this plugin setup command on one Kong node per zone (e.g., A1 and B1):

# Create the http-log plugin that posts Kong request logs to Splunk HEC
curl -i -X POST http://localhost:8001/plugins/ \
  --data "name=http-log" \
  --data "config.http_endpoint=https://splunk-hec.example.com:8088/services/collector" \
  --data "config.method=POST" \
  --data "config.headers[Authorization]=Splunk YOUR-HEC-TOKEN" \
  --data "config.queue.size=1000"

  2. Confirm it's active via:

curl http://localhost:8001/plugins


🛡️ Bonus Tip: Tag Your Logs by Node/Zone

To make Splunk logs more useful, you can:

  • Add custom headers or query parameters with zone info.
  • Use a transform or custom_fields in Splunk to tag logs from Zone A vs B.

Example:

  --data "config.headers[X-Kong-Zone]=zone-a"
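
To go beyond eyeballing the `curl http://localhost:8001/plugins` output, the check below compares what each zone's DB actually holds against the settings above. It is an added example, not part of the original post; the helper names `header` and `check_zone`, the zone name `zone-b`, and the sample responses are assumptions constructed for illustration.

```python
import json

# Constructed sample of `curl http://localhost:8001/plugins` output from one node
# in each zone (not captured from a real deployment). Zone B is deliberately wrong.
SAMPLE = {
    "zone-a": json.dumps({"data": [{"name": "http-log", "enabled": True, "config": {
        "http_endpoint": "https://splunk-hec.example.com:8088/services/collector",
        "method": "POST",
        "headers": {"Authorization": "Splunk YOUR-HEC-TOKEN", "X-Kong-Zone": "zone-a"}}}]}),
    "zone-b": json.dumps({"data": [{"name": "http-log", "enabled": False, "config": {
        "http_endpoint": "http://splunk-hec.example.com:8088/services/collector",
        "method": "POST",
        "headers": {"Authorization": "Splunk YOUR-HEC-TOKEN", "X-Kong-Zone": "zone-a"}}}]}),
}


def header(cfg, name):
    """Case-insensitive header lookup; tolerates values stored as lists."""
    for key, value in (cfg.get("headers") or {}).items():
        if key.lower() == name.lower():
            return value[0] if isinstance(value, list) and value else value
    return None


def check_zone(zone, plugins_json):
    """Return a list of problems with the http-log plugin stored in one zone's DB."""
    plugins = [p for p in json.loads(plugins_json).get("data", []) if p.get("name") == "http-log"]
    if not plugins:
        return ["http-log plugin not found in this zone's DB"]
    problems = []
    for p in plugins:
        cfg = p.get("config") or {}
        if not p.get("enabled"):
            problems.append("plugin is present but disabled")
        if not str(cfg.get("http_endpoint", "")).startswith("https://"):
            problems.append("HEC endpoint is not https, token would travel in clear text")
        if not str(header(cfg, "Authorization") or "").startswith("Splunk "):
            problems.append("Authorization header missing or not in 'Splunk <token>' form")
        if header(cfg, "X-Kong-Zone") != zone:
            problems.append(f"X-Kong-Zone is {header(cfg, 'X-Kong-Zone')!r}, expected {zone!r}")
    return problems


if __name__ == "__main__":
    for zone, body in SAMPLE.items():
        print(zone, check_zone(zone, body) or "OK")
```

Feed it the saved response from one node per zone; a zone that was skipped, or that was set up by copy-pasting the other zone's command, shows up as a non-empty problem list.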
