Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

HTTP event collector 404 error

evanwyk11
Engager
‎10-14-2016 04:58 AM

Good Day

I've got two issues with my HTTP event collector.

1st issue:
I created an event collector when I installed Splunk 6.3, that worked fine I since then upgraded to splunk 6.5 - I then deleted my event collector but was still able to POST to the URL

I then uninstalled splunk from my server, and installed it from scratch but still experienced the issue above, Does anyone know where I could look to see why the HEC configurations still remain

2nd Issue
Whenever I add a new HEC i get the following error
{
"text": "The requested URL was not found on this server.",
"code": 404
}

I have read all the docs and lots of blog posts, with no luck of how to resolve these issues

I am using google Postman and Curl run a post to my HEC

Thanks

Edson

Reply

andrewjgriffin
Engager
‎06-14-2017 01:31 PM

check etc/local/inputs.conf - I've seen upgrades reset the "disabled" setting in there from 0 to 1

0 Karma
Reply

starcher
Influencer
‎10-16-2016 07:02 AM

HEC configs are in $SPLUNK_HOME/etc/apps/splunk_httpinput
Did you check that you turned HEC back on in the Global Settings button after reinstall? I believe you can create tokens and not have the option "on".

0 Karma
Reply

evanwyk11
Engager
‎10-17-2016 05:00 AM

Hi starcher

I have checked that the HEC is turned on in the global settings, I have two tokens created. But currently only the one token works and the other token gives me a 404 error - both are configured the same.
Are there any other setting that I am missing?

0 Karma
Reply

starcher
Influencer
‎10-30-2016 02:34 PM

You can try running btool and see if it lists your other token and what app it is coming from.

splunk cmd btool --debug inputs list http

0 Karma
Reply
Get Updates on the Splunk Community!

Data Management Digest – December 2025

Welcome to the December edition of Data Management Digest! As we continue our journey of data innovation, the ...

Index This | What is broken 80% of the time by February?

December 2025 Edition   Hayyy Splunk Education Enthusiasts and the Eternally Curious!    We’re back with this ...

Unlock Faster Time-to-Value on Edge and Ingest Processor with New SPL2 Pipeline ...

Hello Splunk Community,   We're thrilled to share an exciting update that will help you manage your data more ...