Getting Data In

http event collector looks disabled | no action to enable

elegantleaf
New Member

Using Splunk Cloud - After adding first http event collector the status shows disabled, actions do not show a enable link, a greyed out disabled link, monitoring shows no connection attempts,

I tried a manual test but I think I have the endpoint hostname incorrect ?

PS C:\Users\eagle> Invoke-WebRequest -Uri "https://http-inputs-xxxx.splunkcloud.com:443/services/collector/event" -Headers @{'Authorization' = 'Splunk xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxx'}

Invoke-WebRequest : The remote name could not be resolved: 'http-inputs-xxxx.splunkcloud.com'

Labels (1)
0 Karma

0YAoNnmRmKDg
Path Finder

Hi,

I had this quirk too, its specific to Splunk cloud free trials (15 days).... even though HEC shows as disabled in the UI it will work

also use the endpoint similar too.... https://prd-p-h00lm.splunkcloud.com:8088/services/collector

That should get you there

0 Karma

rmistry75
New Member

I am also getting the same issue with my new free 15 day trial account. I created a new HTTP Event Collector and it's stuck in "disabled" status. I can't seem to enable it.

0 Karma

maityayan1996
Path Finder

use this settings in the inputs.conf in the following path :
$SPLUNK_HOME\etc\apps\splunk_httpinput\local

[http]
disabled = 0
useDeploymentServer = 1

It will solve the issue. Please let me know once you resolve this issue.

0 Karma

elegantleaf
New Member

Thanks. How do I edit or copy the inputs.conf on Splunk Cloud instance ? Is there anyway to SSH into the Splunk Cloud Enviroment to do this ?

0 Karma

elegantleaf
New Member

Thanks I am not sure it's DNS I have tried on other hosts as well, am I even using the correct syntax \ URL and why does the status show disabled without an enable link ? I think I am stuck here

  1. status of http event collector token shows disabled - How do I enable ?
  2. Am I using the correct URL ? - https://http-inputs-prd-p-dpyn3.splunkcloud.com:443/services/collector
0 Karma

MuS
SplunkTrust
SplunkTrust

Hi elegantleaf,

the error states The remote name could not be resolved: which points to DNS.

cheers, MuS

Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...