Hi all, I can't seem to generate a HEC token.
Help is appreciated
Set App Context to "splunk_httpinput" app in Input Settings.
If you use search app then updates will be written to:
The account that splunk is running as, does it have rights in that denied directory? Also, to test, have you tried creating this with an admin account to check it's not a weird permissions problem?
The account does have full access to the directory. I am also creating the token with an admin account.
I'm looking at two conf files for this but there doesn't seem to be permission issues
anything more in splunkd.log?