Splunk Enterprise

How do I access my local Splunk Enterprise to receive incoming webhooks from the internet?

s_palan
New Member

I have installed free Splunk Enterprise on my local system, and it can be accessed via localhost:8000.
I have also configured the webhook receiver in this instance to run at port 8088 via the HTTP Event Collector settings.

I tried ngrok to expose localhost:8000 and localhost:8088 and use that public URL as a webhook listening server. But Splunk is not receiving any events. I can see my ngrok server being hit with the events, but it seems like it's not able to forward them over to Splunk.

What am I doing wrong here? What's the right way to expose my localhost Splunk instance to start receiving these webhook events?

Thank you in advance for help!
Webhooks Input #splunklocalhost

0 Karma

PickleRick
SplunkTrust

1. Are you sure you're using the webhook inputs app or did you just configure a HEC input?

2. Whatever that ngrok is - since you said that Splunk is listening on localhost - is it running on the same machine?

3. Did you verify if that ngrok is connecting to your Splunk instance and sending data?

0 Karma
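
One way to run the check raised in point 3, as an added example that is not part of the original thread: a Python probe that posts one test event to HEC's `/services/collector/event` endpoint with the `Authorization: Splunk <token>` header and classifies the reply, so the local listener and the tunnel URL can be compared. The function names and result labels are hypothetical, and the URLs and token passed on the command line are placeholders for your own values.

```python
import http.client
import json
import ssl
import sys
from urllib.parse import urlsplit

def classify(status, body):
    """Turn an HTTP status and body into a diagnosis (labels are this example's own)."""
    try:
        code = json.loads(body)["code"]      # HEC replies are JSON with a numeric "code"
    except (ValueError, KeyError, TypeError):
        return "not_hec"                     # e.g. Splunk Web on 8000 or a tunnel error page
    if status == 200 and code == 0:
        return "ok"                          # event accepted
    if status in (401, 403):
        return "token_rejected"              # reached HEC, but the token is missing or wrong
    return "hec_error"                       # reached HEC, request refused for another reason

def probe_hec(base_url, token, verify_tls=True, timeout=5):
    """POST one test event to base_url and return a diagnosis string."""
    url = urlsplit(base_url)
    if url.scheme == "https":
        ctx = ssl.create_default_context()
        if not verify_tls:                   # assumption: used only for a local self-signed listener
            ctx.check_hostname = False
            ctx.verify_mode = ssl.CERT_NONE
        conn = http.client.HTTPSConnection(url.netloc, timeout=timeout, context=ctx)
    else:
        conn = http.client.HTTPConnection(url.netloc, timeout=timeout)
    try:
        conn.request("POST", "/services/collector/event",
                     body=json.dumps({"event": "hec connectivity test"}),
                     headers={"Authorization": "Splunk " + token})
        resp = conn.getresponse()
        return classify(resp.status, resp.read())
    except ssl.SSLError:
        return "tls_error"                   # scheme or certificate mismatch with the listener
    except (OSError, http.client.HTTPException):
        return "unreachable"                 # refused, timed out, or no valid HTTP reply
    finally:
        conn.close()

if __name__ == "__main__":
    # usage: probe.py <token> <url> [<url> ...], local listener first, then the tunnel URL
    token = sys.argv[1]
    for target in sys.argv[2:]:
        local = urlsplit(target).hostname in ("localhost", "127.0.0.1")
        print(target, "->", probe_hec(target, token, verify_tls=not local))
```

If the local URL returns `ok` and the tunnel URL does not, the problem lies between the tunnel and port 8088 rather than in the HEC input itself.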