Splunk Enterprise trial - Http Event Collector not working

henbarlevi
Engager

I've installed the Splunk Enterprise trial. I've enabled the HEC feature as described here http://dev.splunk.com/view/event-collector/SP-CAAAE7F, which enables sending machine data from my app into Splunk. I tried to send a POST request to Splunk using Postman and got no response.

method: POST
url : http://localhost:8088/services/collector
Authorization : my generated token

Why is there no response if I already enabled the HEC feature? It seems that no server is listening on that port at all.

What I don't understand about Splunk is: where is my data stored? Is data for Splunk Enterprise stored only locally, to be used inside a company's LAN? Or do Splunk's own servers in the cloud store all my data? Do Splunk Enterprise and Splunk Cloud differ on that subject?

Thank you for your help.

anjambha
Communicator

Hello, this issue may be due to the URL. Try http://localhost:8088/services/collector/raw

OR

Refer to the steps below for the Splunk Enterprise version:

http://docs.splunk.com/Documentation/SplunkCloud/6.6.3/Data/UsetheHTTPEventCollector

Create an Event Collector token
To use HEC, you must configure at least one token.

Click Settings > Data inputs.
Click HTTP Event Collector.
Click New Token.
Enter name=abc
Click Next.
Click Create a new index.
Enter Index Name=abc
From the dropdown select abc, i.e. default index = abc
In the same way, select abc from the Select Allowed Indexes option.
Click Review.
Click Submit.
Keep that token value with you.

Enable HTTP Event Collector
Click Settings > Data Inputs.
Click HTTP Event Collector.
Click Global Settings.
Click Enabled.
Then clear all checked boxes and select default index = abc
Click Save.

Now go to Postman:

Select the POST method.
URL: http://localhost:8088/services/collector/raw
Select the Headers tab: key = Authorization and value = Splunk <your token>
In the Body tab: select raw and write your message.
Click Send.

Now in Splunk, search for: index="abc"

0 Karma
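
An added example, not part of the original posts and not Splunk's own code: the Postman request from the answer above, in Python, with a check that separates "nothing is listening on 8088" from "the port is open but answers on the other scheme". When Enable SSL is checked in Global Settings, the HEC port answers only over HTTPS, so a plain http:// request gets no response. The function names `send_raw` and `diagnose` are hypothetical, and `<your token>` is a placeholder.

```python
import http.client
import socket
import ssl


def send_raw(scheme, host, port, token, message, verify_tls=True, timeout=5.0):
    """POST one raw event to HEC and return (http_status, response_body)."""
    if scheme == "https":
        ctx = ssl.create_default_context()
        if not verify_tls:  # acceptable only for a local trial with its self-signed cert
            ctx.check_hostname = False
            ctx.verify_mode = ssl.CERT_NONE
        conn = http.client.HTTPSConnection(host, port, timeout=timeout, context=ctx)
    else:
        conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("POST", "/services/collector/raw",
                     body=message.encode("utf-8"),
                     headers={"Authorization": "Splunk " + token})
        resp = conn.getresponse()
        return resp.status, resp.read().decode("utf-8", "replace")
    finally:
        conn.close()


def diagnose(host, port, token, verify_tls=True, timeout=5.0):
    """Report whether the port is open and what each scheme answers."""
    report = {"listening": False}
    try:
        with socket.create_connection((host, port), timeout=timeout):
            report["listening"] = True
    except OSError as err:  # HEC not enabled, wrong port, or blocked
        report["error"] = str(err)
        return report
    for scheme in ("http", "https"):
        try:
            report[scheme] = send_raw(scheme, host, port, token,
                                      "hec connectivity check", verify_tls, timeout)
        except (OSError, http.client.HTTPException) as err:
            report[scheme] = f"no answer over {scheme}: {err!r}"
    return report


if __name__ == "__main__":
    # "<your token>" is a placeholder for the value created under New Token.
    print(diagnose("localhost", 8088, "<your token>", verify_tls=False))
```

A scheme that succeeds indexes the test message as an event, so it should then appear in the token's default index.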