Hello,
Newish to Splunk here.
We have an AWX instance (free Tower) and we are trying to send the logs to Splunk using this link:
ansible-logs-splunk
All is good there. I can do a tcpdump and see data going out to port 8088 on my Splunk management server.
I used this link to set up HEC on Splunk Enterprise 9.0.2:
HEC
I can run the curl -k ..... test and get: RETURNS: {"text":"Success","code":0}
So things seem ok. When I try a search, I get nothing. We're using the default index.
Any ideas?
Thanks,
Aaron