Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

HTTP event collector 404 error

evanwyk11
Engager
‎10-14-2016 04:58 AM

Good Day

I've got two issues with my HTTP event collector.

1st issue:
I created an event collector when I installed Splunk 6.3, that worked fine I since then upgraded to splunk 6.5 - I then deleted my event collector but was still able to POST to the URL

I then uninstalled splunk from my server, and installed it from scratch but still experienced the issue above, Does anyone know where I could look to see why the HEC configurations still remain

2nd Issue
Whenever I add a new HEC i get the following error
{
"text": "The requested URL was not found on this server.",
"code": 404
}

I have read all the docs and lots of blog posts, with no luck of how to resolve these issues

I am using google Postman and Curl run a post to my HEC

Thanks

Edson

Reply

andrewjgriffin
Engager
‎06-14-2017 01:31 PM

check etc/local/inputs.conf - I've seen upgrades reset the "disabled" setting in there from 0 to 1

0 Karma
Reply

starcher
Influencer
‎10-16-2016 07:02 AM

HEC configs are in $SPLUNK_HOME/etc/apps/splunk_httpinput
Did you check that you turned HEC back on in the Global Settings button after reinstall? I believe you can create tokens and not have the option "on".

0 Karma
Reply

evanwyk11
Engager
‎10-17-2016 05:00 AM

Hi starcher

I have checked that the HEC is turned on in the global settings, I have two tokens created. But currently only the one token works and the other token gives me a 404 error - both are configured the same.
Are there any other setting that I am missing?

0 Karma
Reply

starcher
Influencer
‎10-30-2016 02:34 PM

You can try running btool and see if it lists your other token and what app it is coming from.

splunk cmd btool --debug inputs list http

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Kick the Tires Before You Commit: A Hands-On Tour of the Splunk Observability Cloud ...

Evaluating an enterprise observability platform usually goes like this: fill out a form, get a free trial with ...

Deep insights, no barriers: Splunk Observability Cloud Free Edition

As software delivery cycles continue to accelerate, observability shouldn’t be a luxury — it should be a ...

Monitoring AI Agents with Splunk Observability Cloud

Let’s say I’m running a travel planning AI app in production. A user asks for three concise hotel options in ...