Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

HTTP event collector 404 error

evanwyk11
Engager
‎10-14-2016 04:58 AM

Good Day

I've got two issues with my HTTP event collector.

1st issue:
I created an event collector when I installed Splunk 6.3, that worked fine I since then upgraded to splunk 6.5 - I then deleted my event collector but was still able to POST to the URL

I then uninstalled splunk from my server, and installed it from scratch but still experienced the issue above, Does anyone know where I could look to see why the HEC configurations still remain

2nd Issue
Whenever I add a new HEC i get the following error
{
"text": "The requested URL was not found on this server.",
"code": 404
}

I have read all the docs and lots of blog posts, with no luck of how to resolve these issues

I am using google Postman and Curl run a post to my HEC

Thanks

Edson

Reply

andrewjgriffin
Engager
‎06-14-2017 01:31 PM

check etc/local/inputs.conf - I've seen upgrades reset the "disabled" setting in there from 0 to 1

0 Karma
Reply

starcher
Influencer
‎10-16-2016 07:02 AM

HEC configs are in $SPLUNK_HOME/etc/apps/splunk_httpinput
Did you check that you turned HEC back on in the Global Settings button after reinstall? I believe you can create tokens and not have the option "on".

0 Karma
Reply

evanwyk11
Engager
‎10-17-2016 05:00 AM

Hi starcher

I have checked that the HEC is turned on in the global settings, I have two tokens created. But currently only the one token works and the other token gives me a 404 error - both are configured the same.
Are there any other setting that I am missing?

0 Karma
Reply

starcher
Influencer
‎10-30-2016 02:34 PM

You can try running btool and see if it lists your other token and what app it is coming from.

splunk cmd btool --debug inputs list http

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Enterprise Security: Your Command Center for PCI DSS Compliance

Every security professional knows the drill. The PCI DSS audit is approaching, and suddenly everyone's asking ...

Developer Spotlight with Guilhem Marchand

From Splunk Engineer to Founder: The Journey Behind TrackMe    After spending over 12 years working full time ...

Cisco Catalyst Center Meets Splunk ITSI: From 'Payments Are Down' to Root Cause in ...

The Problem: When Networks and Services Don't Talk Payment systems fail at a retail location. Customers are ...