Explanation
The correct answer is A, B, and D because these are the statements that are true regarding HEC (HTTP Event Collector) tokens. HEC tokens are unique identifiers that are used to authenticate and authorize the data sent to HEC, which is a service that allows you to send data to Splunk via HTTP or HTTPS. Option A is correct because multiple tokens can be created for use with different sourcetypes and indexes, which are the attributes that define the data type and the location of the data in Splunk. Option B is correct because the edit token http admin role capability is required to create a token, which is a permission that allows the user to manage the HEC tokens. Option D is correct because tokens can be edited using the data/inputs/http/{tokenName} endpoint, which is a REST endpoint that allows you to update the properties of a specific HEC token. Option C is incorrect because to create a token, you need to send a POST request to the data/inputs/http endpoint, not the services/collector endpoint. The services/collector endpoint is used to send data to HEC, not to create tokens. You can find more information about HEC tokens and their endpoints in the Splunk Developer Guide.