Solved: Why are HTTP Event Collector events not appearing ...

NickLaurent · ‎04-27-2017

Hello fellow Splunkers,
I need some help with HEC (HTTP Event Collector). The problem is that no events are appearing in any indexes. To simplify the issue I set up a test HEC config without SSL (http). I use the curl command with an event "Hello World!" I get a status 200 successful. Let nothing in the indexes.
Environment:
Windows 10, with Splunk Enterprise:
HEC, three unique Tokens with same Sourcetypes, different indexes.

1 Arduino setup to sent events via HEC
1 PI setup to send events via HEC
1 MAC for testing HEC using a curl command.

Thanks

Nick

starcher · ‎09-29-2017

You will have to find someone's code or write your own for Arduino. But on a PI/Mac you can use Python and here is an existing HEC class for it. https://github.com/georgestarcher/Splunk-Class-httpevent

View solution in original post

starcher · ‎09-29-2017

You will have to find someone's code or write your own for Arduino. But on a PI/Mac you can use Python and here is an existing HEC class for it. https://github.com/georgestarcher/Splunk-Class-httpevent

Why are HTTP Event Collector events not appearing the index?

Enterprise Security Content Update (ESCU) | New Releases

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

Index This | What are the 12 Days of Splunk-mas?