Getting Data In

Debug HEC input

vadimm
New Member

How debug HEC input?
To see incoming JSON?

0 Karma

PavelP
Motivator

Hello @vadimm

what is a problem you facing with? Do you need to debug the HEC input configuration or data itself? To see incoming JSON on the wire or before, during and after splunk processing?

to see JSON transmitted on the wire use tcpdump for HTTP input, some MitM Proxy for HTTPS input. Much easier if you can access the sending client.

Describe the situation with more than two sentences.

0 Karma

vadimm
New Member

On wire - not variant.
HTTPS and computer is same. On wire nothing emitted.
I get "Unable parse JSON" at DB Connect 3.3.0.
Want debug it.

0 Karma

PavelP
Motivator

@vadimm, describe your envrionment. First you mentioned HEC input, now you mentioned DB Connect, they are not related 🙂

0 Karma

vadimm
New Member

They is completely related 🙂
Output of DB Connect is input for HEC 🙂

0 Karma

PavelP
Motivator

your are right. But if you get an error on the DB Connect input phase, why you try to debug the HEC ?

please describe your environment. You wrote: HTTPS and computer are the same - what do you mean by this? Is this pipeline correct? And it is all on one and the same system? :

SQL DB -> DB Connect input -> Splunk -> HEC (HTTP Event Collector) input -> Splunk?

0 Karma

vadimm
New Member

Guess where DB connect use JSON format 😉
I`m wrote "Output of DB Connect is input for HEC".
Debug HEC input is logical, not?

HEC data input and add-on DB Connect installed on one computer. DB Connect use HTTPS and HEC, not pipeline :^-)

At last chain, "Splunk" is excessive. And not "DB Connect INPUT" 🙂
SQL DB - DB Connect - HEC

0 Karma
Get Updates on the Splunk Community!

Synthetic Monitoring: Not your Grandma’s Polyester! Tech Talk: DevOps Edition

Register today and join TekStream on Tuesday, February 28 at 11am PT/2pm ET for a demonstration of Splunk ...

Instrumenting Java Websocket Messaging

Instrumenting Java Websocket MessagingThis article is a code-based discussion of passing OpenTelemetry trace ...

Announcing General Availability of Splunk Incident Intelligence!

Digital transformation is real! Across industries, companies big and small are going through rapid digital ...