Dashboards & Visualizations

Need help generating Http Event Collector Token

garyfj
New Member

Hi all, I can't seem to generate a HEC token.

Help is appreciated

alt text

0 Karma

manjunathmeti
Champion

Set App Context to "splunk_httpinput" app in Input Settings.

If you use search app then updates will be written to:
C:\Program Files\Splunk\etc\apps\search\local\inputs.conf

0 Karma

jethrop
Explorer

The account that splunk is running as, does it have rights in that denied directory? Also, to test, have you tried creating this with an admin account to check it's not a weird permissions problem?

0 Karma

garyfj
New Member

The account does have full access to the directory. I am also creating the token with an admin account.

I'm looking at two conf files for this but there doesn't seem to be permission issues

C:\Program Files\Splunk\etc\apps\splunk_httpinput\default\inputs.conf
C:\Program Files\Splunk\etc\deployment-apps\splunk_httpinput\local\inputs.conf

0 Karma

jethrop
Explorer

Splunk version?

anything more in splunkd.log?

0 Karma
Get Updates on the Splunk Community!

Take Your Breath Away with Splunk Risk-Based Alerting (RBA)

WATCH NOW!The Splunk Guide to Risk-Based Alerting is here to empower your SOC like never before. Join Haylee ...

Industry Solutions for Supply Chain and OT, Amazon Use Cases, Plus More New Articles ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Enterprise Security Content Update (ESCU) | New Releases

In November, the Splunk Threat Research Team had one release of new security content via the Enterprise ...