We have just upgraded to 9.1.1 and our HEC seems to have stopped working.
Calling it from a simple PowerShell script worked the day before, and running it now throws this error:
Unable to connect to the remote server
No connection could be made because the target machine actively refused it xxx.xxx.xxx.xxx:8088
So, headed over to the Forwarder where it should be listening, and the tokens do still exist in the Inputs.conf in "/opt/splunkforwarder/etc/apps/splunk_httpinput/local"
However, issuing the list command gives us the following:
$SPLUNK_HOME/bin/splunk http-event-collector list -uri https://localhost:8089
Token Not Found
The HEC is Enabled in the Global Settings, but we are also not seeing anything listening on Port 8088.
Splunk Enterprise on a Linux build.