I have my log4j2.xml as below,   <?xml version="1.0" encoding="UTF-8"?> <Configuration status="info" name="example" packages="com.splunk.logging"> <Appenders> <SplunkHttp name="splunk" url="http://localhost:8088" token="sometoken" index="someindex" messageFormat="text" source="somesource" sourceType="log4j" batch_size_count="1" disableCertificateValidation="true" > <PatternLayout pattern="%m"/> </SplunkHttp> </Appenders> <Loggers> <Root level="INFO"> <AppenderRef ref="splunk"/> </Root> </Loggers> </Configuration>   I'm trying to set up Splunk with HEC on an EC2 instance. The same configuration works for a Splunk instance on my Windows machine. I used tcpdump to trace packets on port 8088 and it seems there is no packet reaching to that port. Did I miss anything on the configuration? Thank you! ... View more

Hi, I'm trying to use  SplunkHTTPAppender in production, the set up (log4j2.xml) works in development environment. But when I switch to production, http collector metrics (_introspection) starts to show data.num_of_requests_to_incorrect_url > 1 and no events are posted. Is there a way to know the url used in event posting? and what is the criteria to determine a wrong url? Thank you! ... View more