All Apps and Add-ons
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

"Error: connect ECONNREFUSED 127.0.0.1:8000"

dhruv_admin
Loves-to-Learn
‎04-30-2024 12:29 AM

Dear community members,

I am running Splunk enterprise edition on my local windows system. Splunk web is up & running. I have created a Lambda function with a trigger cloudwatch logs where on every invocation it should send the cloudwatch logs to Splunk. But while invocation I am getting connection refused error. Please find the error below. Can someone help me to understand ?

ERROR Invoke Error

Labels (3)
0 Karma
Reply

PaulPanther
Motivator
‎04-30-2024 01:55 AM

Which endpoint have you defined in your lambda function? localhost 127.0.0.1 is not an ip address that is reachable from an external source.

0 Karma
Reply

dhruv_admin
Loves-to-Learn
‎04-30-2024 02:00 AM

http://127.0.0.1:8000  as HEC variable

I have declared this variable and calling it in the function. Can you suggest how can I mitigate this issue ?

0 Karma
Reply

PaulPanther
Motivator
‎04-30-2024 02:10 AM

127.0.0.1 is an internal ip address that you can't reach from any external source.  

localhost - Wikipedia

Furthermore Port 8000 is not the default HEC Port but the default web port. So if you haven't change the default port for the web ui you must use another (high) port for HEC. 

Set up and use HTTP Event Collector in Splunk Web - Splunk Documentation

 

0 Karma
Reply

dhruv_admin
Loves-to-Learn
‎04-30-2024 02:28 AM

Thanks, I will configure web ui with ssl certificate. Also HEC is running on port 8088

0 Karma
Reply

dhruv_admin
Loves-to-Learn
‎05-02-2024 11:16 PM

Hello Team,

I am using a blueprint lambda to process cloudwatch logs to splunk. I have configured HEC url & HEC token in Splunk we UI. Installed splunk in AWS linux server. But while invoking the lambda function getting above error.

HEC URL - http://54.67.83.247:8088/services/collector/raw

Whitelisted the IP in security group of ec2 instance where splunk is installed. Can anyone help me to fix this issue ?

0 Karma
Reply
Get Updates on the Splunk Community!

Prove Your Splunk Prowess at .conf25—No Prereqs Required!

Your Next Big Security Credential: No Prerequisites Needed We know you’ve got the skills, and now, earning the ...

Splunk Observability Cloud's AI Assistant in Action Series: Observability as Code

This is the sixth post in the Splunk Observability Cloud’s AI Assistant in Action series that digs into how to ...

Splunk Answers Content Calendar, July Edition I

Hello Community! Welcome to another month of Community Content Calendar series! For the month of July, we will ...