Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

HTTP Event Collector not working after update

bshega
Explorer
‎10-18-2016 05:55 AM

Hello,

We have recently set up a Splunk instance and I configured an HTTP Event Collector and everything was working great. Well I think our IT department decided to update our Splunk to the latest version and now the Event Collector isn't working anymore. I'm getting a success response back after a curl or our API but none of the data is being found in search, the old sources I had set up prior to the update are now missing. I tried removing the existing tokens to make new ones but that isn't working either.

Any ideas on what could be the cause of this?

Thanks,
Brandon

0 Karma
Reply

starcher
Influencer
‎02-09-2017 06:24 PM

Check that you do not have useDeploymentServer = 1 sent in the HEC config to the HF. That should only be active on your deployment server. Not sent the heavy forwarders acting as HEC inputs.

0 Karma
Reply

bpitts2
Path Finder
‎10-18-2016 06:08 AM

Review the splunkd logs from the forwarder hosting the event collector. I found issues with JSON line breaking that was preventing mine from working correctly.

0 Karma
Reply

bshega
Explorer
‎10-18-2016 06:21 AM

Ok I'm not really sure where that is, but I did go into settings and noticed that both Splunk Forwarder and Splunk Light Forwarder are disabled, could this be the cause?

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

May 2026 Splunk Expert Sessions: Security & Observability

Level Up Your Operations: May 2026 Splunk Expert Sessions Whether you are refining your security posture or ...

Network to App: Observability Unlocked [May & June Series]

In today’s digital landscape, your environment is no longer confined to the data center. It spans complex ...

SPL2 Deep Dives, AppDynamics Integrations, SAML Made Simple and Much More on Splunk ...

Splunk Lantern is Splunk’s customer success center that provides practical guidance from Splunk experts on key ...