Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

HTTP event collector 404 error

evanwyk11
Engager
‎10-14-2016 04:58 AM

Good Day

I've got two issues with my HTTP event collector.

1st issue:
I created an event collector when I installed Splunk 6.3, that worked fine I since then upgraded to splunk 6.5 - I then deleted my event collector but was still able to POST to the URL

I then uninstalled splunk from my server, and installed it from scratch but still experienced the issue above, Does anyone know where I could look to see why the HEC configurations still remain

2nd Issue
Whenever I add a new HEC i get the following error
{
"text": "The requested URL was not found on this server.",
"code": 404
}

I have read all the docs and lots of blog posts, with no luck of how to resolve these issues

I am using google Postman and Curl run a post to my HEC

Thanks

Edson

Reply

andrewjgriffin
Engager
‎06-14-2017 01:31 PM

check etc/local/inputs.conf - I've seen upgrades reset the "disabled" setting in there from 0 to 1

0 Karma
Reply

starcher
Influencer
‎10-16-2016 07:02 AM

HEC configs are in $SPLUNK_HOME/etc/apps/splunk_httpinput
Did you check that you turned HEC back on in the Global Settings button after reinstall? I believe you can create tokens and not have the option "on".

0 Karma
Reply

evanwyk11
Engager
‎10-17-2016 05:00 AM

Hi starcher

I have checked that the HEC is turned on in the global settings, I have two tokens created. But currently only the one token works and the other token gives me a 404 error - both are configured the same.
Are there any other setting that I am missing?

0 Karma
Reply

starcher
Influencer
‎10-30-2016 02:34 PM

You can try running btool and see if it lists your other token and what app it is coming from.

splunk cmd btool --debug inputs list http

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey

Can’t make it to .conf25? Join us online!

Watch Global Broadcast
Get Updates on the Splunk Community!

Can’t Make It to Boston? Stream .conf25 and Learn with Haya Husain

Boston may be buzzing this September with Splunk University and .conf25, but you don’t have to pack a bag to ...

Splunk Lantern’s Guide to The Most Popular .conf25 Sessions

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Unlock What’s Next: The Splunk Cloud Platform at .conf25

In just a few days, Boston will be buzzing as the Splunk team and thousands of community members come together ...