On a Linux host I am testing our HEC IndexerAcknowledgement setup on our heavy forwarder and following the documentation example but I keep running into "invalid data format" errors. I am r...
I am trying to set up HEC for my indexer cluster (v8.0.7), with 2 indexers (and 3 search heads) managed by a master node. I read multiple docs and articles already, but I want to make sure I get s...
Hi Experts,
I configured a HEC input. After that, I run a curl command using that token, and it returns {"text":"Success","code":0}.
But no event comes into my INDEX.
Any suggestions on how to p...
...o enable HTTPEvent Collection on these indexers. I am referring to the documentation at http://dev.splunk.com/view/event-collector/SP-CAAAE73 and it says,
Note: Using HTTPEventCollector in a distributed d...
Hello fellow Splunkers,
I need some help with HEC (HTTPEventCollector). The problem is that no events are appearing in any indexes. To simplify the issue I set up a test HEC config without SSL (http...
We think that the HTTPEventCollector reaches the indexing queue directly when using the event endpoint, meaning the props.conf that we place is being ignored. Is this right?
I have three standalone indexers in a round robin and want them to accept HTTPevents via the HTTPEventCollector. How do I generate a token with the same value on all three?
As I want to use the same HTTPeventcollector (HEC) token, can I add the new index=X and remove old index=Y? But, I don't want to lose the events on old index=Y. So, if I do that, the events on Index...
Hello,
We have a Splunk Enterprise environment that has separate tiers that are clustered; Search Heads and Indexers. Where/which tier do I enable HEC on and create tokens? Search Heads or Indexer...
Hello,
Is there a way to specify in the curl command the target index?
For example, with the following command, how can I target an index named scheduler in the command line?
curl -k http...