Getting Data In

HttpListener - Socket error from 10.23.132.224:49352: Connection closed by peer

rashi83
Path Finder

Hi, I am getting this error and after that HEC stops sending the events to Splunk. Also, seeing these errors -

ttpListener - Read Timeout communicating with 10.23.132.224:50926, disconnecting

Any idea why events stops coming to SPlunk?

Tags (1)
0 Karma

vsai0718
Path Finder

Is there any firewall blocking the communication between the server and HEC's server. Try telnet from the server you're looking to send the logs to the HEC. If it is good, debug it by using curl for HEC

curl -k http://IP_of_HEC_host:8088/services/collector -H 'Authorization: Splunk token' -d '{"sourcetype": "sourcetype_of_HEC_configured", "event":"Hello, World!"}'

0 Karma
Get Updates on the Splunk Community!

March Community Office Hours Security Series Uncovered!

Hello Splunk Community! In March, Splunk Community Office Hours spotlighted our fabulous Splunk Threat ...

Stay Connected: Your Guide to April Tech Talks, Office Hours, and Webinars!

Take a look below to explore our upcoming Community Office Hours, Tech Talks, and Webinars in April. This post ...

Want to Reduce Costs, Mitigate Risk, Improve Performance, or Increase Efficiencies? ...

Splunk Lantern is Splunk’s customer success center that provides advice from Splunk experts on valuable data ...