Dear community members,
I am running Splunk Enterprise edition on my local Windows system. Splunk Web is up and running. I have created a Lambda function with a CloudWatch Logs trigger, where on every invocation it should send the CloudWatch logs to Splunk. But on invocation I am getting a connection refused error. Please find the error below. Can someone help me to understand?
ERROR Invoke Error
Which endpoint have you defined in your Lambda function? localhost (127.0.0.1) is not an IP address that is reachable from an external source.
http://127.0.0.1:8000 as HEC variable
I have declared this variable and am calling it in the function. Can you suggest how I can mitigate this issue?
127.0.0.1 is an internal IP address that you can't reach from any external source.
Furthermore, port 8000 is not the default HEC port but the default web port. So if you haven't changed the default port for the web UI, you must use another (high) port for HEC.
Set up and use HTTP Event Collector in Splunk Web - Splunk Documentation
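An added example, not part of the thread and not Splunk or AWS code: a small pre-flight check that flags the HEC URL mistakes discussed above (loopback or private host, the Splunk Web port instead of the HEC port, a non-collector path, plain http) before the value is put into the Lambda configuration. The function name, the messages and the sample URLs are assumptions made for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

SPLUNK_WEB_PORT = 8000   # default Splunk Web port (named in the thread)
HEC_PORT = 8088          # HEC port the poster reports using
HEC_PATHS = ("/services/collector", "/services/collector/event",
             "/services/collector/raw")  # HEC event-ingest endpoints


def check_hec_url(url):
    """Return a list of findings; an empty list means no problem was spotted."""
    findings = []
    parts = urlsplit(url)
    host = parts.hostname or ""
    if parts.scheme not in ("http", "https") or not host:
        return ["not an http(s) URL with a host"]

    # Reachability: the Lambda function runs in AWS, not on the Splunk machine.
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        addr = None  # a DNS name; resolving it is out of scope for this check
    if host == "localhost" or (addr is not None and addr.is_loopback):
        findings.append("loopback host: points at the Lambda environment itself")
    elif addr is not None and (addr.is_private or addr.is_link_local):
        findings.append("private address: reachable only from inside that network")

    port = parts.port or (443 if parts.scheme == "https" else 80)
    if port == SPLUNK_WEB_PORT:
        findings.append("port 8000 is the Splunk Web default, not HEC")
    elif port != HEC_PORT:
        findings.append(f"port {port} is not {HEC_PORT}; confirm the HEC port setting")

    if parts.path.rstrip("/") not in HEC_PATHS:
        findings.append("path is not a /services/collector endpoint")
    if parts.scheme == "http":
        findings.append("plain http: the HEC token is sent unencrypted")
    return findings


if __name__ == "__main__":
    # Constructed inputs; splunk.example.com is a placeholder host name.
    for candidate in ("http://127.0.0.1:8000",
                      "https://splunk.example.com:8088/services/collector/raw"):
        print(candidate, "->", check_hec_url(candidate) or "ok")
```

An empty result only means the URL is well-formed for HEC; it does not prove that a security group, firewall or TLS setting lets the connection through.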
Thanks, I will configure the web UI with an SSL certificate. Also, HEC is running on port 8088.
Hello Team,
I am using a blueprint Lambda to process CloudWatch logs to Splunk. I have configured the HEC URL and HEC token in the Splunk web UI. Splunk is installed on an AWS Linux server. But while invoking the Lambda function I am getting the above error.
HEC URL - http://54.67.83.247:8088/services/collector/raw
I have whitelisted the IP in the security group of the EC2 instance where Splunk is installed. Can anyone help me to fix this issue?