Getting Data In

HTTP Event Collector Connection Actively Refused after upgrading from 9.0.5 to 9.1.1 (No Token Found)



We have just upgraded to 9.1.1 and our HEC seems to have stopped working. 

Calling it from a simple PowerShell script worked the day before and running it now throws this error :

Unable to connect to the remote server
No connection could be made because the target machine actively refused it

So, headed over to the Forwarder where it should be listening, and the tokens do still exist in the Inputs.conf in "/opt/splunkforwarder/etc/apps/splunk_httpinput/local"

However, issuing the list command gives us the following :

$SPLUNK_HOME/bin/splunk http-event-collector list -uri https://localhost:8089

Token Not Found

The HEC is Enabled in the Global Settings but we are also not seeing anything listening on Port 8088

Splunk Enterprise on a Linux build.

Labels (2)
Tags (1)
Get Updates on the Splunk Community!

Observability | How to Think About Instrumentation Overhead (White Paper)

Novice observability practitioners are often overly obsessed with performance. They might approach ...

Cloud Platform | Get Resiliency in the Cloud Event (Register Now!)

IDC Report: Enterprises Gain Higher Efficiency and Resiliency With Migration to Cloud  Today many enterprises ...

The Great Resilience Quest: 10th Leaderboard Update

The tenth leaderboard update (11.23-12.05) for The Great Resilience Quest is out >> As our brave ...