I cannot figure out which component to enable HEC and where to send the events. We have an on prem Splunk Enterprise distributed configuration with a Deployment server, Indexer and SearchHead. We a...
We are trying to send data to raw endpoint via Splunk HEC. When we do so, the data is always sent only to the default index and is not sent to the other indexes. Can someone guide us on how to have t...
I'm trying to use the recently released 8.1.0 Universal Forwarder to send logs over HTTP: https://docs.splunk.com/Documentation/Forwarder/8.1.0/Forwarder/Configureforwardingwithoutputs.conf#Configur...
Hello Splunkers! I've encountered challenges while attempting to connect Notion logs to our Splunk instance. Here's what I've tried: Inserting the HEC URL with a public IP on our Splunk on-p...
Hi
I am following this documentation from GCP [1], which mentions to omit YOUR_SPLUNK_HEC_URL must not include the HEC endpoint path, for example, /services/collector
My q...
...ndexer hardware died badly, and I thought I'd easily be able to switch these UFs over to our current indexer, which runs 7.2 (upgrading soon to 8.x), but that indexer only listens using the HEC on p...
...steps to correct this involve selecting new ports for the Splunk universal forwarder to use by modifying Splunk and Splunk Phantom configuration files, aligning the value of the HEC token in the b...
...documentation for the HEC. I think it is a permission issue but have gone through the whole /opt/splunk/etc/auth file and it looks good. Any ideas? TASK [splunk_standalone : Setup global HEC...
...ore details about my setting on Splunk and Jenkins plugin:
(should I change the index of my HEC?)
(I only use IP as my host and hostname) Thanks AsherRTK
In our environment (Phantom version 4.10.3.x), the HEC (HTTP Event Collector) server name that is used as an "Indexer Host" (i.e. Phantom UI field label for the HEC server for a "Distributed Splunk E...