Good evening,
We are currently unable to connect to the following Splunk Cloud trial instance which shall expire next December 29th. Could you please investigate this issue?
15:51 $ curl -k -H "Authorization: Splunk a19b174b-9x9x-4e02-a83f-9999999999999" -v -d '{"index": "moacir-splunk-cloud-siem", "event": "blah blah blah","sourcetype": "_json" }' https://prd-p-ojiyn.splunkcloud.com:8088/services/collector/event
* Trying 3.93.228.43:8088...
* TCP_NODELAY set
* connect to 3.93.228.43 port 8088 failed: Connection timed out
* Failed to connect to prd-p-ojiyn.splunkcloud.com port 8088: Connection timed out
* Closing connection 0
curl: (28) Failed to connect to prd-p-ojiyn.splunkcloud.com port 8088: Connection timed out
Warm regards,
Moacir
2 previous trial cloud instances were used a few months ago, and everything was working fine without any change on our side. It could be there is an issue with the current instance, so we will wait for it to expire and request a new one.
Kind regards,
Moacir
Sending data to HEC endpoints in Splunk Cloud requires adding "http-inputs-" or "http-inputs." to the URL. See https://docs.splunk.com/Documentation/Splunk/8.2.4/Data/UsetheHTTPEventCollector#Send_data_to_HTTP_E...
BTW, we are all fellow community members here so none of us can investigate the issues others are having. We can only make suggestions.
PS - I masked the token in the OP for security.
Hi,
We have followed your suggestion but unfortunately the issue is still happening:
curl -k -H "Authorization: Splunk a19b174b-3e6a-4e02-a83f-999999999999" -v -d '{"index": "moacir-splunk-cloud-siem", "event": "blah blah blah","sourcetype": "_json" }' https://http-inputs.prd-p-ojiyn.splunkcloud.com:8088/services/collector/event
* Could not resolve host: http-inputs.prd-p-ojiyn.splunkcloud.com
* Closing connection 0
curl: (6) Could not resolve host: http-inputs.prd-p-ojiyn.splunkcloud.com
curl -k -H "Authorization: Splunk a19b174b-3e6a-4e02-a83f-999999999999" -v -d '{"index": "moacir-splunk-cloud-siem", "event": "blah blah blah","sourcetype": "_json" }' https://http-inputs-prd-p-ojiyn.splunkcloud.com:8088/services/collector/event
* Could not resolve host: http-inputs-prd-p-ojiyn.splunkcloud.com
* Closing connection 0
curl: (6) Could not resolve host: http-inputs-prd-p-ojiyn.splunkcloud.com
Also, so far this prefix was not needed since the sending was working well with a previous test instance... Maybe you could retry on your side using the original token?
Warm regards,
Moacir
The choice of which prefix to use is not yours to make - it's determined by the platform on which your stack is hosted. Regardless, it appears the original URL (without prefix) works better in that it at least can be resolved. The timeout message could be caused by a firewall discarding the connection attempts. Have you checked your firewalls?
The original token no longer is available. Even if it was, I would not access someone else's system.
2 previous trial cloud instances were used a few months ago, and everything was working fine without any change on our side. It could be there is an issue with the current instance, so we will wait for it to expire and request a new one.
Kind regards,
Moacir