Getting Data In

HTTP Event Collector Connection Actively Refused after upgrading from 9.0.5 to 9.1.1 (No Token Found)

C_Lawrence
Engager

Hi,

We have just upgraded to 9.1.1 and our HEC seems to have stopped working. 

Calling it from a simple PowerShell script worked the day before and running it now throws this error :

Unable to connect to the remote server
No connection could be made because the target machine actively refused it xxx.xxx.xxx.xxx:8088

So, headed over to the Forwarder where it should be listening, and the tokens do still exist in the Inputs.conf in "/opt/splunkforwarder/etc/apps/splunk_httpinput/local"

However, issuing the list command gives us the following :

$SPLUNK_HOME/bin/splunk http-event-collector list -uri https://localhost:8089

Token Not Found

The HEC is Enabled in the Global Settings but we are also not seeing anything listening on Port 8088

Splunk Enterprise on a Linux build.

Labels (2)
Tags (1)
Get Updates on the Splunk Community!

Observability | How to Think About Instrumentation Overhead (White Paper)

Novice observability practitioners are often overly obsessed with performance. They might approach ...

Cloud Platform | Get Resiliency in the Cloud Event (Register Now!)

IDC Report: Enterprises Gain Higher Efficiency and Resiliency With Migration to Cloud  Today many enterprises ...

The Great Resilience Quest: 10th Leaderboard Update

The tenth leaderboard update (11.23-12.05) for The Great Resilience Quest is out >> As our brave ...