From e53ed1a37d78b2c37af35e4d596a3856d43cbc1b Mon Sep 17 00:00:00 2001
From: Mark Bonsack <mbonsack@splunk.com>
Date: Wed, 12 Feb 2020 15:46:26 -0800
Subject: [PATCH] Update to clarify HEC Ack

* Include note to warn not to set HEC Ack when configuring the HEC token on the Splunk side.
---
 docs/configuration.md | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/docs/configuration.md b/docs/configuration.md
index 1343573..abdf261 100644
--- a/docs/configuration.md
+++ b/docs/configuration.md
@@ -10,6 +10,9 @@ and variables needed to properly configure SC4S for your environment.
 | SPLUNK_HEC_URL | url | URL(s) of the Splunk endpoint, can be a single URL space seperated list |
 | SPLUNK_HEC_TOKEN | string | Splunk HTTP Event Collector Token |
 
+* NOTE:  Do _not_ configure HEC Acknowledgement when deploying the HEC token on the Splunk side; the underlying syslog-ng http
+destination does not support this feature.  Moreover, HEC would significantly degrade performance for streaming data such as syslog.
+
 
 ## Splunk HEC Destination Configuration