Splunk Enterprise

HTTP Event collector rejecting test events

morphis72
Path Finder

I am trying to configure the HTTP Event Collector in my lab so that I can do some testing around data queuing, but I'm hitting an odd problem.

My setup is a Heavy Forwarder that is configured to send to a small cluster of indexers. I can see in the logs where it is making good connections to all of them.

When I configured my tokens to test with, my test events are being rejected.

From another server I issue the following command:

curl -k "http://<myip>:8088/services/collector" -H "Authorization: Splunk dded8e66-57f2-44e9-b4a4-42bf231a2e7e" -d '{"event": "Hello, world!", "sourcetype": "manual"}'

I get the following response on the issuing server:

curl: (52) Empty reply from server

And this is what shows up in my splunkd log on my HEC server:

04-05-2021 14:36:05.026 -0400 ERROR TcpInputProc - Message rejected. Received unexpected message of size=1347375956 bytes from src=<myip>:46804 in streaming mode. Maximum message size allowed=67108864. (::) Possible invalid source sending data to splunktcp port or valid source sending unsupported payload.

I can't imagine my message is really that size. Anyone got an idea what is going on here?

0 Karma
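
An added diagnostic example, not part of the original post and not Splunk's own code: it pulls the `size=` value out of `TcpInputProc` rejection lines and decodes it as four raw bytes, which shows what protocol the sender was actually speaking. It assumes the reported size is the first four bytes of the incoming stream read as a big-endian integer (an assumption, not stated on the page); the function names are hypothetical.

```python
import re
import struct

# The rejection line quoted in the post above, used as sample input.
SAMPLE_LOG = (
    "04-05-2021 14:36:05.026 -0400 ERROR TcpInputProc - Message rejected. "
    "Received unexpected message of size=1347375956 bytes from src=<myip>:46804 "
    "in streaming mode. Maximum message size allowed=67108864."
)

REJECT_RE = re.compile(
    r"TcpInputProc - Message rejected\..*?size=(\d+) bytes from src=(\S+)"
)
# First four bytes of common HTTP request lines.
HTTP_PREFIXES = {b"GET ", b"POST", b"PUT ", b"HEAD", b"DELE", b"OPTI", b"PATC"}


def classify_size(size):
    """Decode a reported size as 4 big-endian bytes (assumed framing) and label it."""
    if not 0 <= size <= 0xFFFFFFFF:
        return None, "out-of-range"
    raw = struct.pack(">I", size)
    if raw in HTTP_PREFIXES:
        return raw, "http-request"
    if raw[:2] == b"\x16\x03":  # TLS record header: handshake, version 3.x
        return raw, "tls-handshake"
    if all(0x20 <= b < 0x7F for b in raw):
        return raw, "ascii-text"
    return raw, "binary"


def triage(lines):
    """Return (src, size, raw_bytes, kind) for every rejection line found."""
    findings = []
    for line in lines:
        m = REJECT_RE.search(line)
        if m:
            size = int(m.group(1))
            raw, kind = classify_size(size)
            findings.append((m.group(2), size, raw, kind))
    return findings


if __name__ == "__main__":
    for src, size, raw, kind in triage([SAMPLE_LOG]):
        print(f"{src}: size={size} -> {raw!r} ({kind})")
```

For the line in the post, the size decodes to the bytes `POST`, so the listener that logged the error received the start of an HTTP request on a port it treats as a splunktcp input.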