On a Linux host I am testing our HEC IndexerAcknowledgement setup on our heavy forwarder and following the documentation example but I keep running into "invalid data format" errors. I am r...
I am trying to set up HEC for my indexer cluster (v8.0.7), with 2 indexers (and 3 search heads) managed by a master node. I read multiple docs and articles already, but I want to make sure I get s...
Hi Experts,
I configured HEC input, after that I run curl command using that token, it returns {"text":"Success","code":0} .
But no event comes into my INDEX.
Any suggestions on how to p...
...o enable HTTPEvent Collection on these indexers. I am referring documentation http://dev.splunk.com/view/event-collector/SP-CAAAE73 and it says,
Note: Using HTTPEventCollector in a distributed d...
Hello fellow Splunkers,
I need some help with HEC (HTTPEventCollector). The problem is that no events are appearing in any indexes. To simplify the issue I set up a test HEC config without SSL (http...
We think that the HTTPEventCollector reaches directly the indexing queue when using the event end point. Meaning the props.conf that we place are being ignored. Is this right?
As I want to use the same HTTPeventcollector (HEC) token, can i add the new index=X and remove old index=Y? But, I don't want to lose the events on old index=Y. So, if i do that, the events on Index...
I have three stand alone indexers in a round robin and want them to accept HTTPevents via the HTTPEventCollector. How do I generate a token with the same value on all three?
I can see http_event_collector_metrics.log logs under
$SPLUNK_HOME/var/log/introspection/splunk/
But splunk says latest event received was 2 days ago. Whats going wrong in httpeventcollector...
Hello All, I have to load balance the https requests over indexer cluster. Need to know the best approach to load balance the data. Is NGNIX is only solution?