I followed http://dev.splunk.com/view/event-collector/SP-CAAAE62 for HTTP Event Collector and am able to run successfully through Eclipse which I can see the input what I passed and it got resulted in the console, but I was not able to see the same input in Splunk. I used same log4j2 as mentioned and gave the Splunk host and token.
My log4j looks like,
<Http name="http" url="https://http-inputs-******-ma.splunkcloud.com/services/collector/event" token="*******-***-****-****-**********" disableCertificateValidation="true" batch_size_count="1"> <PatternLayout pattern="%m" /> </Http> </Appenders>
Note : I did test the same with curl. It works and I can see the message.
So you are testing from Eclipse and you're not seeing anything getting posted? Can you verify that your code tried to connect to your event collector endpoint?
@Jeremiah I can able to see the output in my Eclipse console but not in Splunk. Your ask about "try to connect to your event collector", I just done the same way what the url mentioned seems the connection between my code and HEC is not happening through log4j2. Do you know any other way to test and see the connection is happening in java.
@San55240, try removing "/services/collector/event" for the url, the logging library sets this. I noticed you did not set the port, is your HEC instance on port 80?
@gblock I tried removing "/services/collector/event", Still not able to see the logs in Splunk. Yes ,My HEC instance port is running on 80.
It worked when I tried same host and token by curl. Did anyone tried this eclipse example
Also did you check the lambda logs to see if there was an error?
I created the original Eclipse example, so I know it can work as I had a working version which I passed off to our docs team. This is against a managed Splunk cloud instance yes?