Splunk Enterprise

Trying to get Fluentbit logs to send through HEC, but getting error?

xRusty9
Explorer

Hi there, appreciate if anyone could help me with these query.

I am trying to pump local file to splunk using fluentbit. The Splunk is currently https and secure.

I kept encountering error message of unexpected EOF, I am not sure what have I done wrongly in the fluent-bit.config file.

 

cmd-fluentbit-3nov.png

 

This is the screenshot of the splunk's general settting

GeneralSetting in Splunk.png

 

Below is the fluent-bit.config that I used with the fluent-bit.exe..

Spoiler
[INPUT]
Name tail
Tag taglog
Path C:\*.json

[OUTPUT]
Name splunk
Match *
Host localhost
Port 443
Splunk_Token <The HTTP Event Collector token generated in Splunk Web>
TLS On
TLS.Verify On
http_user <The username login to Splunk Web>
http_passwd <The password used to login to Splunk Web>
splunk_send_raw On

 

 

when i set the "TLS.Verify" to Off, it will have 303 http status code

303 error.png

Get Updates on the Splunk Community!

Observe and Secure All Apps with Splunk

  Join Us for Our Next Tech Talk: Observe and Secure All Apps with SplunkAs organizations continue to innovate ...

Splunk Decoded: Business Transactions vs Business IQ

It’s the morning of Black Friday, and your e-commerce site is handling 10x normal traffic. Orders are flowing, ...

Fastest way to demo Observability

I’ve been having a lot of fun learning about Kubernetes and Observability. I set myself an interesting ...