I am trying to send data to a Splunk Cloud free trial account.
Following the documentation here: https://docs.splunk.com/Documentation/Splunk/8.2.6/Data/UsetheHTTPEventCollector
This is what I should use
You must send data using a specific URI for HEC.
The standard form for the HEC URI in Splunk Cloud Platform free trials is as follows:
<protocol>://http-inputs.<host>.splunkcloud.com:<port>/<endpoint>
But the domain name does not exist (the subdomain with http-inputs. part)
Is the documentation wrong? How do I get this working?
That kind of goes against the documentation then.
I've done some investigating...
Looking at outputs.conf of the bundled forwarder app, there is a single host associated with the trial instance. I'm now assuming this "free-trial" service is just a cloud provisioned "pseudo" "Splunk Enterprise" instance.
I've also just confirmed that port 8088 is open on the stack address.
Based on that, I've just tested following the instructions for basic Splunk Enterprise and it works...
So the answer is... For Splunk Cloud trials as of 06 May 2022, use the Splunk Enterprise config, being
https://<stack>.splunkcloud.com:8088/services/collector/event
FYI: @jmeager_splunk
Hi
If I recall right this is still not possible on SC trial?
r. Ismo
That kind of goes against the documentation then.
I've done some investigating...
Looking at outputs.conf of the bundled forwarder app, there is a single host associated with the trial instance. I'm now assuming this "free-trial" service is just a cloud provisioned "pseudo" "Splunk Enterprise" instance.
I've also just confirmed that port 8088 is open on the stack address.
Based on that, I've just tested following the instructions for basic Splunk Enterprise and it works...
So the answer is... For Splunk Cloud trials as of 06 May 2022, use the Splunk Enterprise config, being
https://<stack>.splunkcloud.com:8088/services/collector/event
FYI: @jmeager_splunk
Hi @Phil, I came across your post because I was trying to solve an issue I was getting. I set up a free splunk cloud trial account and am using the url to send data through the Event Collector and am still receiving this error:
"last_error": "Post \"https://prd-p-9vxw3.splunkcloud.com:8088/services/collector/event\": dial tcp: lookup prd-p-9vxw3.splunkcloud.com on 10.4.0.10:53: no such host", "last_message": "Incorrect Splunk HEC URL",
Even after disabling TLS as well for the Splunk Cloud Free Trial account. Do you have any idea why my URL is "incorrect"?
Thanks!
Good morning
I have the same problem, but I'm checking the answers, and I'm missing some (maybe obvious) concept
Which is <stack> in this scenario?
I have just created the trial account, and I access to console in
https://prd-p-xxxxx.splunkcloud.com/
(xxxxx for redacting the code - I imagine is important)
Which is the stack in this case? And the HEC endpoint?
Just make it match your cloud stack URL...
In your case just like the below but make replacing your masking x's with what is in your stack's URL
https://prd-p-xxxxx.splunkcloud.com:8088/services/collector/event