Dashboards & Visualizations
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Index name not showing up HTTP Event Collector(HEC) new token creation

gnanaraj_mcc
Loves-to-Learn Lots
‎04-23-2018 07:36 AM

Hi,
For PCF (Pivotal Cloud Foundry). i am using HEC on the heavy forwarder. i have created a new index for these events. while generating the token, Available item(s) for index is showing main, history, summary and default.
it is not showing the index which i have created.

what is that i am missing.

should i leave it default and when PCF connects using the token, it will get updated to the index which i specify in PCF?

thank you

0 Karma
Reply

Santhosh_LMI
Engager
‎04-23-2018 10:43 AM

I have the same issue. We are using Splunk Intermediate forwarder through AWS. I am seeing indexes and the index what I need is not there.

0 Karma
Reply

adonio
Ultra Champion
‎04-23-2018 10:38 AM

create the index also on the HF so itts name populates to your dropdown
otherwise, manually edit inputs.conf

Reply

Santhosh_LMI
Engager
‎12-04-2018 11:16 AM

We are using SplunkCloud. Yesterday Splunk upgraded the version with 7.0.5 and that has fix . Now I can see all the indexes in HEC

0 Karma
Reply

davidaj
Explorer
‎12-05-2018 07:17 AM

We are currently on 7.0.4 in our cert environment. I will see about updating to see if the behavior changes. Thanks.

0 Karma
Reply

davidaj
Explorer
‎12-04-2018 06:46 AM

Would this apply to a distributed environment? We are having a similar issue trying to generate tokens from the cluster master but only seeing the default indexes as options and not our custom indexes.

0 Karma
Reply

sloshburch
Ultra Champion
‎12-04-2018 11:07 AM

Yea, exactly. The UI itself won't show the indexes on your indexers. I deploy a listing of the indexes to many places for this reason (but make sure no local indexing occurs - just forwarding to indexers).

0 Karma
Reply

davidaj
Explorer
‎12-05-2018 07:16 AM

Okay, thanks.

0 Karma
Reply

sloshburch
Ultra Champion
‎05-10-2018 05:57 AM

Bingo. The definition of the index needs to exist on that HF instance in order for it to display on the dropdowns in the UI. As long as you have the data forwarding (not indexAndForward) from HF to Indexers then the index defined on the HF will only be a definition and contain no data.

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Observability for AI

Don’t miss out on an exciting Tech Talk on Splunk Observability for AI!Discover how Splunk’s agentic AI ...

Splunk Enterprise Security 8.x: The Essential Upgrade for Threat Detection, ...

Watch On Demand the Tech Talk on November 6 at 11AM PT, and empower your SOC to reach new heights! Duration: ...

Splunk Observability as Code: From Zero to Dashboard

For the details on what Self-Service Observability and Observability as Code is, we have some awesome content ...