Using Splunk Cloud - After adding first http event collector the status shows disabled, actions do not show a enable link, a greyed out disabled link, monitoring shows no connection attempts,
I tried a manual test but I think I have the endpoint hostname incorrect ?
PS C:\Users\eagle> Invoke-WebRequest -Uri "https://http-inputs-xxxx.splunkcloud.com:443/services/collector/event" -Headers @{'Authorization' = 'Splunk xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxx'}
Invoke-WebRequest : The remote name could not be resolved: 'http-inputs-xxxx.splunkcloud.com'
Hi,
I had this quirk too, its specific to Splunk cloud free trials (15 days).... even though HEC shows as disabled in the UI it will work
also use the endpoint similar too.... https://prd-p-h00lm.splunkcloud.com:8088/services/collector
That should get you there
I am also getting the same issue with my new free 15 day trial account. I created a new HTTP Event Collector and it's stuck in "disabled" status. I can't seem to enable it.
use this settings in the inputs.conf in the following path :
$SPLUNK_HOME\etc\apps\splunk_httpinput\local
[http]
disabled = 0
useDeploymentServer = 1
It will solve the issue. Please let me know once you resolve this issue.
Thanks. How do I edit or copy the inputs.conf on Splunk Cloud instance ? Is there anyway to SSH into the Splunk Cloud Enviroment to do this ?
Thanks I am not sure it's DNS I have tried on other hosts as well, am I even using the correct syntax \ URL and why does the status show disabled without an enable link ? I think I am stuck here
Hi elegantleaf,
the error states The remote name could not be resolved:
which points to DNS.
cheers, MuS