Splunk Enterprise

HTTP Event collector rejecting test events

morphis72
Path Finder

I am trying to configure the HTTP Event Collector in my lab so that I can do some testing around data queuing but I'm hitting an odd problem. 

My setup is a Heavy Forwarder that is configured to send to a small cluster of indexers. I can see in the logs where it is making good connections to all of them.

When I configured my tokens to test with my test events are being rejected.

From another server I issue the following command:

curl -k "http://<myip>:8088/services/collector" -H "Authorization: Splunk dded8e66-57f2-44e9-b4a4-42bf231a2e7e" -d '{"event": "Hello, world!", "sourcetype": "manual"}'

I get the following response on the issuing server:

curl: (52) Empty reply from server

And this is what shows up in my splunkd log on my HEC server

04-05-2021 14:36:05.026 -0400 ERROR TcpInputProc - Message rejected. Received unexpected message of size=1347375956 bytes from src=<myip>:46804 in streaming mode. Maximum message size allowed=67108864. (::) Possible invalid source sending data to splunktcp port or valid source sending unsupported payload.

I can't imagine my message is really that size. Anyone got an idea what is going on here?

Labels (1)
0 Karma
Get Updates on the Splunk Community!

Improve Your Security Posture

Watch NowImprove Your Security PostureCustomers are at the center of everything we do at Splunk and security ...

Maximize the Value from Microsoft Defender with Splunk

 Watch NowJoin Splunk and Sens Consulting for this Security Edition Tech TalkWho should attend:  Security ...

This Week's Community Digest - Splunk Community Happenings [6.27.22]

Get the latest news and updates from the Splunk Community here! News From Splunk Answers ✍️ Splunk Answers is ...