Getting isHttpOutConfigured=NOT_CONFIGURED in Splu...

prajwal_94 · ‎06-17-2024

I had defined the complete path in inputs.conf and restarted the Splunkforwarder but got error in Splunkd logs.

Kindly refer the attachment.

prajwal_94 · ‎06-18-2024

Hi @richgalloway ,Thanks for the reply but may I know what needs to be done here so that data is forwarded to indexer and then search results are obtained.

richgalloway · ‎06-18-2024

You've already done what is necessary. A TCP connection to the indexer(s) is all you need.

Forwarders are a one-way device. They send data to indexers, but do not obtain search results. Searches and their results go through a search head.

---
If this reply helps you, Karma would be appreciated.

prajwal_94 · ‎06-19-2024

Hi @richgalloway ,even TCP connection is setup to the indexer and its port. No firewall blocking as well but still no events being returned on search.

richgalloway · ‎06-17-2024

The message appears because httpout is not configured. The outputs.conf file shown defines tcpout, not httpout. Since the [httpout] stanza is optional, these INFO messages can be ignored.

---
If this reply helps you, Karma would be appreciated.

Getting isHttpOutConfigured=NOT_CONFIGURED in Splunkd logs

universal forwarder

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

What Is the Name of the USB Key Inserted by Bob Smith? (BOTS Hint, Not the Answer)

Automating Threat Operations and Threat Hunting with Recorded Future

Join the Conversation