Solved: Why are HTTP Event Collector events not appearing ...

NickLaurent · ‎04-27-2017

Hello fellow Splunkers,
I need some help with HEC (HTTP Event Collector). The problem is that no events are appearing in any indexes. To simplify the issue I set up a test HEC config without SSL (http). I use the curl command with an event "Hello World!" I get a status 200 successful. Let nothing in the indexes.
Environment:
Windows 10, with Splunk Enterprise:
HEC, three unique Tokens with same Sourcetypes, different indexes.

1 Arduino setup to sent events via HEC
1 PI setup to send events via HEC
1 MAC for testing HEC using a curl command.

Thanks

Nick

starcher · ‎09-29-2017

You will have to find someone's code or write your own for Arduino. But on a PI/Mac you can use Python and here is an existing HEC class for it. https://github.com/georgestarcher/Splunk-Class-httpevent

View solution in original post

starcher · ‎09-29-2017

You will have to find someone's code or write your own for Arduino. But on a PI/Mac you can use Python and here is an existing HEC class for it. https://github.com/georgestarcher/Splunk-Class-httpevent

Why are HTTP Event Collector events not appearing the index?

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Build the Future of Agentic AI: Join the Splunk Agentic Ops Hackathon

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

Splunk Community Badges!

Join the Conversation