Getting Data In

HttpListener - Socket error from 10.23.132.224:49352: Connection closed by peer

rashi83
Path Finder

Hi, I am getting this error and after that HEC stops sending the events to Splunk. Also, seeing these errors -

ttpListener - Read Timeout communicating with 10.23.132.224:50926, disconnecting

Any idea why events stops coming to SPlunk?

Tags (1)
0 Karma

vsai0718
Path Finder

Is there any firewall blocking the communication between the server and HEC's server. Try telnet from the server you're looking to send the logs to the HEC. If it is good, debug it by using curl for HEC

curl -k http://IP_of_HEC_host:8088/services/collector -H 'Authorization: Splunk token' -d '{"sourcetype": "sourcetype_of_HEC_configured", "event":"Hello, World!"}'

0 Karma
Get Updates on the Splunk Community!

See just what you’ve been missing | Observability tracks at Splunk University

Looking to sharpen your observability skills so you can better understand how to collect and analyze data from ...

Weezer at .conf25? Say it ain’t so!

Hello Splunkers, The countdown to .conf25 is on-and we've just turned up the volume! We're thrilled to ...

How SC4S Makes Suricata Logs Ingestion Simple

Network security monitoring has become increasingly critical for organizations of all sizes. Splunk has ...