Splunk Enterprise

HTTP Event collector rejecting test events

morphis72
Path Finder

I am trying to configure the HTTP Event Collector in my lab so that I can do some testing around data queuing but I'm hitting an odd problem. 

My setup is a Heavy Forwarder that is configured to send to a small cluster of indexers. I can see in the logs where it is making good connections to all of them.

When I configured my tokens to test with my test events are being rejected.

From another server I issue the following command:

curl -k "http://<myip>:8088/services/collector" -H "Authorization: Splunk dded8e66-57f2-44e9-b4a4-42bf231a2e7e" -d '{"event": "Hello, world!", "sourcetype": "manual"}'

I get the following response on the issuing server:

curl: (52) Empty reply from server

And this is what shows up in my splunkd log on my HEC server

04-05-2021 14:36:05.026 -0400 ERROR TcpInputProc - Message rejected. Received unexpected message of size=1347375956 bytes from src=<myip>:46804 in streaming mode. Maximum message size allowed=67108864. (::) Possible invalid source sending data to splunktcp port or valid source sending unsupported payload.

I can't imagine my message is really that size. Anyone got an idea what is going on here?

Labels (1)
0 Karma
Get Updates on the Splunk Community!

Enter the Splunk Community Dashboard Challenge for Your Chance to Win!

The Splunk Community Dashboard Challenge is underway! This is your chance to showcase your skills in creating ...

.conf24 | Session Scheduler is Live!!

.conf24 is happening June 11 - 14 in Las Vegas, and we are thrilled to announce that the conference catalog ...

Introducing the Splunk Community Dashboard Challenge!

Welcome to Splunk Community Dashboard Challenge! This is your chance to showcase your skills in creating ...