Hello,
I understand that the HTTP Event Collector receives data over HTTPS on TCP port 8088 by default.
What i am wondering is if i have virtual machines running in the Azure cloud, do i need to open both inbound and outbound port 8088 in the Azure portal firewall settings?
Also, I was hoping to disable HTTPS by clicking on the Global Settings button at the top of the HTTP Event Collector management page in Splunk Cloud, but i see that it's greyed out. I am in the admin role so is this changeable?
Hi @mark-jones,
You can try with -k option to disable the certificate check;
curl -k https://prd-p-dfnly.splunkcloud.com:8088/services/collector/event -H "Authorization: Splunk d44e106b-####-####-####-e7a44409e65c" -d "{\"event\": \"hello world\"}\" {\"text\": \"Success\", \"code\": \"0}"
Hi @mark-jones,
If you are using trial Splunk Cloud HEC port is 8088, but on production it is 443.
If you will collect data from virtual machines running on Azure , only outbound firewall rules will be enough. Connection is normal HTTP requests, that is why only one direction is enough.
Splunk Cloud does not allow changing HEC global settings.
Hi scelikok
Thank you for the info.
If the trial Splunk Cloud does not allow changing the global settings to disable https, then i am now running into the issue with the following error message when trying to perform a simple curl command to test sending data to the indexer.
curl https://prd-p-dfnly.splunkcloud.com:8088/services/collector/event -H "Authorization: Splunk d44e106b-####-####-####-e7a44409e65c" -d "{\"event\": \"hello world\"}\" {\"text\": \"Success\", \"code\": \"0}"
curl: (60) SSL certificate problem: self signed certificate in certificate chain
More details here: https://curl.haxx.se/docs/sslcerts.html
curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.
I verified the outbound ports are open and was able to ping prd-p-dfnly.splunkcloud.com:8088