This is probably a stupid question: where can I find the <host> for the HEC URI?
<protocol>://<host>:<port>/<endpoint>
I am using the server name in the server.conf for <host> but that isn't working. Also tried the IP address of my instance and that isn't working either.
What am I missing?
Thanks
Hi @adasteph123,
it should work using either the hostname or (better) the IP of the Splunk server where you enabled the HEC input.
If it doesn't run, you have to check first whether the route between the target server and the Splunk server is open, then you have to check whether the token is correct.
For more info, see https://docs.splunk.com/Documentation/Splunk/9.0.0/Data/UsetheHTTPEventCollector or https://dev.splunk.com/enterprise/docs/devtools/httpeventcollector/
Ciao.
Giuseppe
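
The two checks from the answer above (route first, then token), as an added example that is not part of the original posts: it builds the HEC URI, posts one test event, and reports whether the failure points at the route, the TLS certificate, or the token. It assumes Splunk's default HEC port 8088, HTTPS, and the `/services/collector/event` endpoint; `splunk.example.com` and the all-zero token are constructed placeholders, and the function names are this example's own.

```python
import json
import ssl
import urllib.error
import urllib.request

def hec_url(host, port=8088, protocol="https", endpoint="/services/collector/event"):
    # <protocol>://<host>:<port>/<endpoint>; 8088 and https are Splunk's defaults
    return f"{protocol}://{host}:{port}{endpoint}"

def classify(status, body):
    """Map an HEC HTTP status and JSON reply to the check it points at."""
    try:
        reply = json.loads(body)
    except ValueError:
        reply = {}
    if not isinstance(reply, dict):
        reply = {}
    text = reply.get("text", "")
    if status == 200 and reply.get("code") == 0:
        return "ok"
    if status in (401, 403):  # missing, malformed, invalid or disabled token
        return f"token: {text or status}"
    return f"server: HTTP {status} {text}".strip()

def check_hec(host, token, port=8088, protocol="https", cafile=None, timeout=5):
    """POST one test event and report which check failed: route, tls or token."""
    req = urllib.request.Request(
        hec_url(host, port, protocol),
        data=json.dumps({"event": "HEC connectivity test"}).encode(),
        headers={"Authorization": f"Splunk {token}"},
    )
    # Verify the server certificate; pass the CA file if Splunk uses a private CA.
    ctx = ssl.create_default_context(cafile=cafile) if protocol == "https" else None
    try:
        with urllib.request.urlopen(req, timeout=timeout, context=ctx) as resp:
            return classify(resp.status, resp.read())
    except urllib.error.HTTPError as err:  # HEC answered, so the route is open
        return classify(err.code, err.read())
    except urllib.error.URLError as err:
        kind = "tls" if isinstance(err.reason, ssl.SSLError) else "route"
        return f"{kind}: {err.reason}"
    except OSError as err:  # e.g. a read timeout
        return f"route: {err}"

if __name__ == "__main__":
    # Constructed placeholders: replace with your server and HEC token.
    print(check_hec("splunk.example.com", "00000000-0000-0000-0000-000000000000"))
```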