Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

HTTP Event Collector not working after update

bshega
Explorer
‎10-18-2016 05:55 AM

Hello,

We have recently set up a Splunk instance and I configured an HTTP Event Collector and everything was working great. Well I think our IT department decided to update our Splunk to the latest version and now the Event Collector isn't working anymore. I'm getting a success response back after a curl or our API but none of the data is being found in search, the old sources I had set up prior to the update are now missing. I tried removing the existing tokens to make new ones but that isn't working either.

Any ideas on what could be the cause of this?

Thanks,
Brandon

0 Karma
Reply

starcher
Influencer
‎02-09-2017 06:24 PM

Check that you do not have useDeploymentServer = 1 sent in the HEC config to the HF. That should only be active on your deployment server. Not sent the heavy forwarders acting as HEC inputs.

0 Karma
Reply

bpitts2
Path Finder
‎10-18-2016 06:08 AM

Review the splunkd logs from the forwarder hosting the event collector. I found issues with JSON line breaking that was preventing mine from working correctly.

0 Karma
Reply

bshega
Explorer
‎10-18-2016 06:21 AM

Ok I'm not really sure where that is, but I did go into settings and noticed that both Splunk Forwarder and Splunk Light Forwarder are disabled, could this be the cause?

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Observability Cloud's AI Assistant in Action Series: Auditing Compliance and ...

This is the third post in the Splunk Observability Cloud’s AI Assistant in Action series that digs into how to ...

Splunk Community Badges!

  Hey everyone! Ready to earn some serious bragging rights in the community? Along with our existing badges ...

What You Read The Most: Splunk Lantern’s Most Popular Articles!

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...
Top