Splunk Enterprise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

HEC failed to connect to port 8088

jip31
Motivator
‎10-24-2023 08:20 AM

hi

My Splunk server is reachable from :

http://127.0.0.1:8000/fr-FR/app/launcher/home

I try to send data in my splunk server with the curl command below

curl -H "Authorization: Splunk 1f5de11f-ee8e-48df-b4f1-eb1bbb6f3db0" https://localhost:8088/services/collector/event -d '{"event":"hello world"}'

 But I have the message : curl: (7) Failed to connect to localhost port 8088 after 2629 ms: Couldn't connect to server 

Could you help please?

Labels (1)
Labels
Tags (1)
0 Karma
Reply

PickleRick
SplunkTrust
SplunkTrust
‎10-25-2023 02:07 PM

Ahhh... so it's windows.

Ok, firstly check if your port is open. You can do that with netstat command from cmd or powershell. I don't remember the right switches to list listening ports for windows version though.

Anyway, if the port was closed, you should get a connection rejected error, not a timeout.

0 Karma
Reply

jip31
Motivator
‎10-26-2023 09:16 AM

It's strange because i have opened the port 8088 correctly in Windows Defender but when i am running the netstat command i can see it opened....

0 Karma
Reply

PickleRick
SplunkTrust
SplunkTrust
‎10-24-2023 08:35 AM

The message says it all - your curl sent SYN packets but never got any reply.

Which means that even if your port is open, it's probably filtered by your local firewall (since you're connecting to loopback device it can't be anything on external network). Check your iptables/firewalld config and open that port so that you can connect.

Whether the port is open by Splunk is another question and you'll see as soon as you "poke a hole" in your firewall.

0 Karma
Reply

jip31
Motivator
‎10-24-2023 09:04 AM

I have opened the port 8088 in Windows Defender but the result is the same 

Is anybody have an idea?

0 Karma
Reply
Get Updates on the Splunk Community!

Cloud Platform & Enterprise: Classic Dashboard Export Feature Deprecation

As of Splunk Cloud Platform 9.3.2408 and Splunk Enterprise 9.4, classic dashboard export features are now ...

Explore the Latest Educational Offerings from Splunk (November Releases)

At Splunk Education, we are committed to providing a robust learning experience for all users, regardless of ...

New This Month in Splunk Observability Cloud - Metrics Usage Analytics, Enhanced K8s ...

The latest enhancements across the Splunk Observability portfolio deliver greater flexibility, better data and ...