Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Splunk Enterprise trial - Http Event Collector not working

henbarlevi
Engager
‎11-01-2017 07:33 AM

I've installed the splunk enterprise trial. i've enabled the HEC feature as described here http://dev.splunk.com/view/event-collector/SP-CAAAE7F which enable to send machine data from my app into splunk. I tried to send a POST request using postman to splunk and got no response.

method: POST
url : http://localhost:8088/services/collector
Authorization : my generated token

why there is no response if i already enabled the HEC feature. it seems that no server listen on that port at all

what i don't understand about splunk is - where is my data stored? is data for SPLUNK ENTERPRISE stored only locally and should be in use inside companies LAN network ? or splunk own servers in the cloud that stored all my data? is Splunk Enterprise and Splunk Cloud have differences on that subject?

thank you for your help.

Reply

anjambha
Communicator
‎11-10-2017 02:37 AM

hello, This issue may be due to url.. try http://localhost:8088/services/collector/raw

OR

refer below steps for Splunk Enterprise version :

http://docs.splunk.com/Documentation/SplunkCloud/6.6.3/Data/UsetheHTTPEventCollector

Create an Event Collector token
To use HEC, you must configure at least one token.

Click Settings > Data inputs
Click HTTP Event Collector.
click New Token
Enter name=abc
click next
click Create a new index
Enter Index Name=abc
from dropdown select abc i.e default index =abc
same way select abc from Select Allowed Indexes option
click review
click submit
keep that Token Value with you ..

Enable HTTP Event Collector
Click Settings > Data Inputs.
Click HTTP Event Collector.
Click Global Settings.
click Enabled
then clear all checked boxes and select default index =abc
click save

Now go to Postman :

Select POST method
url : http://localhost:8088/services/collector/raw
select Headers tab : key =Authorization and value = Splunk <your token>
in the body tab : select raw and write your message
click send

Now in the splunk search for : index="abc"

0 Karma
Reply
Get Updates on the Splunk Community!

Enter the Agentic Era with Splunk AI Assistant for SPL 1.4

  &#x1f680; Your data just got a serious AI upgrade — are you ready? Say hello to the Agentic Era with the ...

Feel the Splunk Love: Real Stories from Real Customers

Hello Splunk Community,    What’s the best part of hearing how our customers use Splunk? Easy: the positive ...

Data Management Digest – November 2025

  Welcome to the inaugural edition of Data Management Digest! As your trusted partner in data innovation, the ...