I am trying to push the data to Splunk cloud trial instance, but it returns "HTTP/1.1 503 Service Unavailable".
Am I missing something or is my cloud trial instance down?
The host url I am using is "https://<my-instance>.splunkcloud.com:<port>/services/collector"
The request format is given below:
curl -k https://<my-instance>.splunkcloud.com:<port>/services/collector -H "Authorization: Splunk <cloud-instance-token>" -H "Content-Type: application/json" -d '{ "event": {payload} }'
Hi @Saran
You need to prefix the stack name with "http-inputs-" to send to HEC. You should be able to see a health check by visiting:
https://http-inputs-<stackName>.splunkcloud.com/services/collector/health?token=<yourToken>
Or remove the ?token=<yourToken> to get a generic health check.
If this works then HEC should be active and accessible. It looks like the main issue here is the missing http-inputs- prefix.
Hi @livehybrid , this is still not working
curl -k "https://http-inputs-<instance>.splunkcloud.com/services/collector/health"
curl: (56) CONNECT tunnel failed, response 503
Hi @Saran
Just to confirm - are you behind a proxy or firewall that could be intercepting traffic?
Splunk Cloud Trial instances are slightly different in configuration to production instances and have various restrictions. Please could you try https://<stack>.splunkcloud.com:8088/services/collector/health
If you are still getting the error with the above endpoint, I think you will need to raise a support ticket via https://www.splunk.com/support. If you do not have any support entitlement because it is a trial, then you might be able to reach out via sales and ask that they help you look into this (as it is potentially impacting a sale and a successful PoC).
Fingers crossed!
It was a Proxy issue, I have resolved it.
But I don't understand when to add "http-input" as the prefix to the instance. Could you please explain the difference between the Splunk Cloud trial instance and production instance?
Thank you
Hi @Saran
Great, I'm glad you solved it 🙂
Regarding the http-input prefix, I believe this connects to a load balancer for production instances (which would generally comprise multiple indexers), whereas a trial instance is likely a single all-in-one Splunk Cloud deployment and therefore doesn't require a load balancer for the HEC traffic.
In a production environment you would add the http-input- prefix and drop the 8088 port (and use 443).
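Added example, not part of any post in this thread: a small shell helper that builds the two HEC URL shapes described in the replies above and reports which hop produced a failure, so a proxy-generated 503 (curl exit 56, "CONNECT tunnel failed") is not mistaken for a 503 from HEC itself. The function names and stack name are hypothetical, and the URL shapes are taken from the replies as written.

```shell
#!/bin/sh
# Added example. Stack names are placeholders; URL shapes follow the replies above.

# hec_url <stack> <production|trial>: print the HEC base URL.
hec_url() {
  case "$2" in
    production) printf 'https://http-inputs-%s.splunkcloud.com\n' "$1" ;;  # port 443
    trial)      printf 'https://%s.splunkcloud.com:8088\n' "$1" ;;
    *) echo "unknown deployment kind: $2" >&2; return 2 ;;
  esac
}

# classify_failure <curl exit code> <curl stderr>: name the hop that failed.
classify_failure() {
  case "$1:$2" in
    0:*) echo ok ;;
    56:*"CONNECT tunnel failed"*) echo proxy ;;  # proxy refused the CONNECT
    5:*) echo proxy ;;                            # proxy name did not resolve
    22:*) echo hec ;;                             # --fail: HTTP >= 400 from the endpoint
    60:*) echo tls ;;                             # certificate not trusted
    6:*|7:*|28:*) echo network ;;                 # DNS, connect or timeout
    *) echo other ;;
  esac
}

# check_hec <stack> <production|trial>: probe the health endpoint once.
check_hec() {
  url=$(hec_url "$1" "$2") || return 2
  rc=0
  # Keep stderr (curl's error text), drop the body; TLS verification stays on.
  err=$(curl --silent --show-error --fail --max-time 10 \
        "$url/services/collector/health" 2>&1 >/dev/null) || rc=$?
  printf '%s: %s %s\n' "$url" "$(classify_failure "$rc" "$err")" "$err"
}

# Only touches the network when called with arguments.
if [ "$#" -ge 2 ]; then check_hec "$1" "$2"; fi
```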