Hi,
I called support for this query and I was asked to write a question here, since i am on a free trial. So here is the question.
I am trying out splunk and want to see how http event collectors work with AWS. I followed all instructions and yet following command times out.
curl -k https://input-prd-p-**domain-name-copied-from-the-console-url!**.cloud.splunk.com:8088/services/coll... -H 'Authorization: Splunk D3F0A947-A790-48F3-852F-D981DA2CC2C4' -d '{"sourcetype": "mysourcetype", "event":"Hello, World!"}'
Instructions followed:
1. Enabled hec tokens in Global settings
2. Created and enabled a new token.
Based on the documentation i came across, this may be because http event collectors are not enabled (or port 8088 has not been opened) for a Splunk Cloud-free trial account. Can somebody help me fix this? Is it really a process that for a free trial of a splunk cloud, you need to write a question in the forum to get http event collection enabled? Or am I missing something in my configuration?
Thanks and Regards
Kanchan
I am having the same issue. I setup Ansible and Splunk according to the documentation and get this when i hit the port with a browser:
http://splunkserver:8088/services/collector/event/
{"text":"The requested URL was not found on this server.","code":404}
Splunkcloud self service instances already have the port 8088 open and ready for HEC. (the splunkcloud managed clusters are different, and require a support case to setup the HEC)
Your url shows that you are in a self service cloud instance :https://input-prd-p ...
Can you try to reach the port 8088 with telnet to confirm ?