Splunk Enterprise

HTTP event collector log troubleshooting

senthild
Explorer

we have a log ingestion from aws cloud env via HTTP event collector to splunk , one of the user reporting some of the logs which is missing in splunk is there any log file to validate this or if there is any connectivity drop in http to cloud apps how to validate this 

Labels (2)
0 Karma

inventsekar
SplunkTrust
SplunkTrust

Hi @senthild 

More details needed from your side.. 

from AWS Cloud to Splunk Cloud or Splunk Enterprise?

any recent changes to the HEC inputs? 

get details from the user that which timeframe or logs are missing exactly.. pls check these logs yourself..   (may times the developers simply "think" something is missing)

maybe, pls check these troubleshooting steps.. 

https://docs.splunk.com/Documentation/SplunkCloud/9.1.2308/Data/TroubleshootHTTPEventCollector

 

thanks and best regards,
Sekar

PS - If this or any post helped you in any way, pls consider upvoting, thanks for reading !
0 Karma
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In January, the Splunk Threat Research Team had one release of new security content via the Splunk ES Content ...

Expert Tips from Splunk Professional Services, Ensuring Compliance, and More New ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Observability Release Update: AI Assistant, AppD + Observability Cloud Integrations & ...

This month’s releases across the Splunk Observability portfolio deliver earlier detection and faster ...