I am trying to push the data to Splunk cloud trial instance, but it returns "HTTP/1.1 503 Service Unavailable".
Am I missing something or is my cloud trial instance down?
The host url I am using is "https://<my-instance>.splunkcloud.com:<port>/services/collector"
The request format is given below:
curl -k https://<my-instance>.splunkcloud.com:<port>/services/collector -H "Authorization: Splunk <cloud-instance-token>" -H "Content-Type: application/json" -d '{ "event": {payload} }'
Hi @Saran
You need to prefix the stack name with "http-inputs-" to send to HEC, you should be able to see a healthcheck by visiting:
https://http-inputs-<stackName>.splunkcloud.com/services/collector/health?token=<yourToken>Or remove the ?token=<yourToken> to get a generic health check.
If this works then HEC should be active and accessible. It looks like the main issue here is the missing http-inputs- prefix.
Did this answer help you? If so, please consider:
Your feedback encourages the volunteers in this community to continue contributing
Hi @livehybrid , this is still not working
curl -k "https://http-inputs-<instance>.splunkcloud.com/services/collector/health"
curl: (56) CONNECT tunnel failed, response 503
Hi @Saran
Just to confirm - are you behind a proxy or firewall that could be intercepting traffic?
Splunk Cloud Trial instances are slightly different in configuration to production instances and have various restrictions, please could you try https://<stack>.splunkcloud.com:8088/services/collector/health
If you are still getting the error with the above endpoint I think you will need to raise a support ticket via https://www.splunk.com/support - If you do not have any support entitlement with it being a trial then you might be able to reach out via sales and ask that they help you look into this (as potentially impacting sale and successful PoC).
Fingers crossed!
Did this answer help you? If so, please consider:
Your feedback encourages the volunteers in this community to continue contributing