8088 != 8089 😉

😀

8089 is also not working.

@tcsec2user - What error you are getting with that?

Im using HEC  method .I post the data to Splunk cloud using this URL https://localhost:8088/services/collector/event

then I want fetch that event data ?

I'm using token for authentications not using  my username and password .

if I use 8089 as my port number it is not connected to server 

using 8088 https://localhost:8088/services/search/jobs?search="search *"

the response is 

@tcsec2user - 

• The first call is for HEC which you are doing is correct.
  • I post the data to Splunk cloud using this URL https://localhost:8088/services/collector/event

• Then you do a search with the management port:
  • https://localhost:8088/services/search/jobs?search="search *"
  • Two things need to be corrected here:
    • Port needs to be 8089
      
      • You said "if I use 8089 as my port number it is not connected to server"
      • This could be due to the management port could be blocked for outside use on the Splunk cloud. I'm not 100% sure. Please check with Splunk Cloud support that I need to use the management port for REST API.
    • Second, "search="search *" is not a param so you need to make a post request and send it as the body.

So start with access to the management port on your Splunk cloud environment, and reach out to Splunk cloud support.

I hope this helps!!!

Look at the port number it should be 8089.

8088 is the HEC port.

8089 is a management port.

(Though I'm not sure if management port on Splunk cloud would be publicly available or not.)

I changed and tried different ports numbers and in my global setting is the port number is 8088

@tcsec2user  HEC is totally different than REST API.

• REST API is on 8089 (management port)
• HEC is on 8088 port.