"Error: connect ECONNREFUSED 127.0.0.1:8000"

dhruv_admin

Dear community members,

I am running Splunk enterprise edition on my local windows system. Splunk web is up & running. I have created a Lambda function with a trigger cloudwatch logs where on every invocation it should send the cloudwatch logs to Splunk. But while invocation I am getting connection refused error. Please find the error below. Can someone help me to understand ?

ERROR Invoke Error

PaulPanther

Which endpoint have you defined in your lambda function? localhost 127.0.0.1 is not an ip address that is reachable from an external source.

dhruv_admin

http://127.0.0.1:8000 as HEC variable

I have declared this variable and calling it in the function. Can you suggest how can I mitigate this issue ?

PaulPanther

127.0.0.1 is an internal ip address that you can't reach from any external source.

localhost - Wikipedia

Furthermore Port 8000 is not the default HEC Port but the default web port. So if you haven't change the default port for the web ui you must use another (high) port for HEC.

Set up and use HTTP Event Collector in Splunk Web - Splunk Documentation

dhruv_admin

Thanks, I will configure web ui with ssl certificate. Also HEC is running on port 8088

dhruv_admin

Hello Team,

I am using a blueprint lambda to process cloudwatch logs to splunk. I have configured HEC url & HEC token in Splunk we UI. Installed splunk in AWS linux server. But while invoking the lambda function getting above error.

HEC URL - http://54.67.83.247:8088/services/collector/raw

Whitelisted the IP in security group of ec2 instance where splunk is installed. Can anyone help me to fix this issue ?

"Error: connect ECONNREFUSED 127.0.0.1:8000"

configuration

installation

troubleshooting

Introducing the Splunk Community Dashboard Challenge!

Get the T-shirt to Prove You Survived Splunk University Bootcamp

Wondering How to Build Resiliency in the Cloud?