Hi,
We have just upgraded to 9.1.1 and our HEC seems to have stopped working.
Calling it from a simple PowerShell script worked the day before and running it now throws this error :
Unable to connect to the remote server
No connection could be made because the target machine actively refused it xxx.xxx.xxx.xxx:8088
So, headed over to the Forwarder where it should be listening, and the tokens do still exist in the Inputs.conf in "/opt/splunkforwarder/etc/apps/splunk_httpinput/local"
However, issuing the list command gives us the following :
$SPLUNK_HOME/bin/splunk http-event-collector list -uri https://localhost:8089
Token Not Found
The HEC is Enabled in the Global Settings but we are also not seeing anything listening on Port 8088
Splunk Enterprise on a Linux build.
Hi,
yes, that's exactly what I did and that fixed the issue in my case :).
Thanks !
Ema
Hi,
So sorry. I though I had update and resolved this message.
As I was trying to get logged in (it took a while!), you sent the other update. That was not the fix for me.
While I had a case open for while with Splunk, I cam across this fix :
On the Forwarder :
/opt/splunkforwarder/etc/system/local/server.conf
Add this Stanza :
[httpServer]
mgmtMode = tcp
Regards.
Hello,
Same symptoms here upgrading from 9.0.5 to 9.1.3...
Did you find out what was the workaround ?
What did you do ?
Thanks !
Ema