topic Splunk Enterprise trial - Http Event Collector not working in Getting Data In https://community.splunk.com/t5/Getting-Data-In/Splunk-Enterprise-trial-Http-Event-Collector-not-working/m-p/341023#M62876 <P>I've installed the <STRONG>splunk enterprise trial</STRONG>. i've <STRONG>enabled the HEC</STRONG> feature as described here <A href="http://dev.splunk.com/view/event-collector/SP-CAAAE7F">http://dev.splunk.com/view/event-collector/SP-CAAAE7F</A> which enable to send machine data from my app into splunk. I tried to send a <STRONG>POST request using postman to splunk and got no response.</STRONG></P> <P>method: POST<BR /> url : <A href="http://localhost:8088/services/collector">http://localhost:8088/services/collector</A><BR /> Authorization : my generated token</P> <P>why there is no response if i already enabled the HEC feature. it seems that no server listen on that port at all</P> <P>what i don't understand about splunk is - where is my data stored? is data for SPLUNK ENTERPRISE stored only locally and should be in use inside companies LAN network ? or splunk own servers in the cloud that stored all my data? is Splunk Enterprise and Splunk Cloud have differences on that subject?</P> <P>thank you for your help.</P> Wed, 01 Nov 2017 14:33:40 GMT henbarlevi 2017-11-01T14:33:40Z Splunk Enterprise trial - Http Event Collector not working https://community.splunk.com/t5/Getting-Data-In/Splunk-Enterprise-trial-Http-Event-Collector-not-working/m-p/341023#M62876 <P>I've installed the <STRONG>splunk enterprise trial</STRONG>. i've <STRONG>enabled the HEC</STRONG> feature as described here <A href="http://dev.splunk.com/view/event-collector/SP-CAAAE7F">http://dev.splunk.com/view/event-collector/SP-CAAAE7F</A> which enable to send machine data from my app into splunk. I tried to send a <STRONG>POST request using postman to splunk and got no response.</STRONG></P> <P>method: POST<BR /> url : <A href="http://localhost:8088/services/collector">http://localhost:8088/services/collector</A><BR /> Authorization : my generated token</P> <P>why there is no response if i already enabled the HEC feature. it seems that no server listen on that port at all</P> <P>what i don't understand about splunk is - where is my data stored? is data for SPLUNK ENTERPRISE stored only locally and should be in use inside companies LAN network ? or splunk own servers in the cloud that stored all my data? is Splunk Enterprise and Splunk Cloud have differences on that subject?</P> <P>thank you for your help.</P> Wed, 01 Nov 2017 14:33:40 GMT https://community.splunk.com/t5/Getting-Data-In/Splunk-Enterprise-trial-Http-Event-Collector-not-working/m-p/341023#M62876 henbarlevi 2017-11-01T14:33:40Z Re: Splunk Enterprise trial - Http Event Collector not working https://community.splunk.com/t5/Getting-Data-In/Splunk-Enterprise-trial-Http-Event-Collector-not-working/m-p/341024#M62877 <P>hello, This issue may be due to url.. try <A href="http://localhost:8088/services/collector/raw">http://localhost:8088/services/collector/raw</A></P> <P><STRONG>OR</STRONG> </P> <P>refer below steps for Splunk Enterprise version :</P> <P><A href="http://docs.splunk.com/Documentation/SplunkCloud/6.6.3/Data/UsetheHTTPEventCollector">http://docs.splunk.com/Documentation/SplunkCloud/6.6.3/Data/UsetheHTTPEventCollector</A></P> <P><STRONG>Create an Event Collector token</STRONG><BR /> To use HEC, you must configure at least one token.</P> <P>Click Settings &gt; Data inputs<BR /> Click <STRONG>HTTP Event Collector.</STRONG><BR /> click <STRONG>New Token</STRONG><BR /> Enter name=abc <BR /> click next<BR /> click <STRONG>Create a new index</STRONG><BR /> Enter Index Name=abc<BR /> from dropdown select <STRONG>abc</STRONG> i.e default index =abc<BR /> same way select <STRONG>abc</STRONG> from <STRONG>Select Allowed Indexes</STRONG> option<BR /> click review<BR /> click submit<BR /> keep that Token Value with you ..</P> <P><STRONG>Enable HTTP Event Collector</STRONG><BR /> Click Settings &gt; Data Inputs.<BR /> Click HTTP Event Collector.<BR /> Click Global Settings.<BR /> click <STRONG>Enabled</STRONG><BR /> then clear all checked boxes and select default index =abc<BR /> click save</P> <P>Now go to Postman :</P> <P>Select POST method<BR /> url : <A href="http://localhost:8088/services/collector/raw">http://localhost:8088/services/collector/raw</A><BR /> select Headers tab : key =Authorization and value = Splunk &lt;<STRONG>your token</STRONG>&gt;<BR /> in the body tab : select raw and write your message<BR /> click send</P> <P>Now in the splunk search for : index="abc"</P> Fri, 10 Nov 2017 10:37:11 GMT https://community.splunk.com/t5/Getting-Data-In/Splunk-Enterprise-trial-Http-Event-Collector-not-working/m-p/341024#M62877 anjambha 2017-11-10T10:37:11Z