IndexProcessor - "Waiting for HTTPServer to start"...

Getting Data In

Hi,

I'm running splunk in a distributed environment and the web console for creating HEC tokens presented various issues that lead me to creating them using config files as per the documentation. However with my new token configuration (it's fine without it) the splunk service will not start and the last log found in $SPLUNK_HOME/var/log/splunk/splunkd.log is:

INFO IndexProcessor - initClustering (peer): Waiting for HTTPServer to start...

here is the config I added in $SPLUNK_HOME/etc/apps/splunk_httpinput/local/inputs.conf:

[http://<token_name>]
description = ...
disabled = 0
index = <index_name>
sourcetype = ...
token = <token_value>

I'll note that the index name I used isn't actually an existing index, and I realise I'll have to configure the index before using it but even with that line commented out, I get the same issue.

Any help would be greatly appreciated and of course, I'd be happy to help out with more info wherever needed.

Thanks

Get Updates on the Splunk Community!

IndexProcessor - "Waiting for HTTPServer to start" when using config files to create token

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

What Is the Name of the USB Key Inserted by Bob Smith? (BOTS Hint, Not the Answer)

Automating Threat Operations and Threat Hunting with Recorded Future

Join the Conversation