Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Search
Splunk Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Search
Search
Search the Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
153 results
Sorted by:
11-30-2020
10:06 AM
1 Karma
On a Linux host I am testing our HEC Indexer Acknowledgement setup on our heavy forwarder and following the documentation example but I keep running into "invalid data format" errors. I am r...
Labels
- Labels:
-
HTTP Event Collector
07-27-2021
01:10 AM
I am trying to set up HEC for my indexer cluster (v8.0.7), with 2 indexers (and 3 search heads) managed by a master node. I read multiple docs and articles already, but I want to make sure I get s...
Labels
- Labels:
-
HTTP Event Collector
06-24-2019
11:51 PM
Hi Experts,
I configured HEC input, after that I run curl command using that token, it returns {"text":"Success","code":0} .
But no event comes into my INDEX.
Any suggestions on how to p...
01-18-2018
12:19 AM
...o enable HTTP Event Collection on these indexers. I am referring documentation http://dev.splunk.com/view/event-collector/SP-CAAAE73 and it says,
Note: Using HTTP Event Collector in a distributed d...
- Tags:
- splunk-enterprise
04-27-2017
05:59 PM
Hello fellow Splunkers,
I need some help with HEC (HTTP Event Collector). The problem is that no events are appearing in any indexes. To simplify the issue I set up a test HEC config without SSL (http...
04-10-2016
11:58 PM
7 Karma
Hi,
I just downloaded and installed Splunk Light on-prem and I'm trying to use HTTP Event Collector walk-through ( http://dev.splunk.com/view/event-collector/SP-CAAAE7F) with postman/curl. I t...
Labels
- Labels:
-
other
Show results in replies (3)
-
From About HTTP Event Collector Indexer Acknowledgment: Channels are designed so that you assign a...
-
About channels and sending data Sending events with indexer acknowledgment enabled is similar t...
-
@otryshko based on the error my guess is you have enabled indexer acknowledgment on the token. If s...
05-03-2019
07:46 AM
We think that the HTTP Event Collector reaches directly the indexing queue when using the event end point. Meaning the props.conf that we place are being ignored. Is this right?
- Tags:
- http-event-collector
01-08-2019
01:37 PM
As I want to use the same HTTP event collector (HEC) token, can i add the new index=X and remove old index=Y? But, I don't want to lose the events on old index=Y. So, if i do that, the events on Index...
10-01-2015
12:08 PM
1 Karma
I have three stand alone indexers in a round robin and want them to accept HTTP events via the HTTP Event Collector. How do I generate a token with the same value on all three?
05-09-2018
08:37 AM
I can see http_event_collector_metrics.log logs under
$SPLUNK_HOME/var/log/introspection/splunk/
But splunk says latest event received was 2 days ago. Whats going wrong in http event collector...
- Tags:
- splunk-enterprise
