I have installed free Splunk enterprise in my local system and It can be accessed via localhost:8000
I have also configured the webhook receiver in this instance to run at port 8088 via the HTTP event collector settings
I tried ngrok to expose localhost:8000 and localhost:8088 and use that public URL as a webhook listening server. But Splunk is not receiving any events. I can see my ngrok server being hit with the events but seems like it's not able to forward it over to splunk.
what am I doing wrong here? What's the right way to expose my localhost Splunk instance to start receiving these webhook events?
Thank you in advance for help!
Webhooks Input #splunklocalhost
1. Are you sure you're using the webhook inputs app or did you just configure a HEC input?
2. Whatever that ngrok is - since you said that Splunk is listening on localhost - is it running on the same machine?
3. Did you verify if that ngrok is connecting to your Splunk instance and sending data?