We have akamai Cloud Monitor App installed on the Splunk. IT used to work when we we were using the Splunk Trial version; later on we purchased 200Gb licensing but I am not able to find any events for the last 6 months. The last time, it generated logs when we had the trial version. We already have the Http EventCollector setup on the Heavy Forwarder. I can see that it is enabled from the HF. Is there any way we can check or enable it so that it starts indexing new logs and display the newer results.
The best way to check if the akamai logs are ingesting to Splunk or not is to run a curl command on your Splunk HF where HEC is enabled. This will indicate if HEC input is working correctly or not in first place.