Splunk Enterprise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Trying to get Fluentbit logs to send through HEC, but getting error?

xRusty9
Engager
‎11-03-2022 02:38 AM

Hi there, appreciate if anyone could help me with these query.

I am trying to pump local file to splunk using fluentbit. The Splunk is currently https and secure.

I kept encountering error message of unexpected EOF, I am not sure what have I done wrongly in the fluent-bit.config file.

 

cmd-fluentbit-3nov.png

 

This is the screenshot of the splunk's general settting

GeneralSetting in Splunk.png

 

Below is the fluent-bit.config that I used with the fluent-bit.exe..

Spoiler
[INPUT]
Name tail
Tag taglog
Path C:\*.json

[OUTPUT]
Name splunk
Match *
Host localhost
Port 443
Splunk_Token <The HTTP Event Collector token generated in Splunk Web>
TLS On
TLS.Verify On
http_user <The username login to Splunk Web>
http_passwd <The password used to login to Splunk Web>
splunk_send_raw On

 

 

when i set the "TLS.Verify" to Off, it will have 303 http status code

303 error.png

0 Karma
Reply
Get Updates on the Splunk Community!

Combine Multiline Logs into a Single Event with SOCK - a Guide for Advanced Users

This article is the continuation of the “Combine multiline logs into a single event with SOCK - a step-by-step ...

Everything Community at .conf24!

You may have seen mention of the .conf Community Zone 'round these parts and found yourself wondering what ...

Index This | I’m short for "configuration file.” What am I?

May 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with a Special ...