Invoke Error - "Error: connect ETIMEDOUT 54.67.83....

dhruv_admin · ‎04-30-2024

Dear community members,

I am running Splunk enterprise edition on my local windows system. Splunk web is up & running. I have created a Lambda function with a trigger cloudwatch logs where on every invocation it should send the cloudwatch logs to Splunk. But while invocation I am getting connection refused error. Please find the error below. Can someone help me to understand ?

ERROR Invoke Error

PaulPanther · ‎04-30-2024

Which endpoint have you defined in your lambda function? localhost 127.0.0.1 is not an ip address that is reachable from an external source.

dhruv_admin · ‎04-30-2024

http://127.0.0.1:8000 as HEC variable

I have declared this variable and calling it in the function. Can you suggest how can I mitigate this issue ?

PaulPanther · ‎04-30-2024

127.0.0.1 is an internal ip address that you can't reach from any external source.

localhost - Wikipedia

Furthermore Port 8000 is not the default HEC Port but the default web port. So if you haven't change the default port for the web ui you must use another (high) port for HEC.

Set up and use HTTP Event Collector in Splunk Web - Splunk Documentation

dhruv_admin · ‎04-30-2024

Thanks, I will configure web ui with ssl certificate. Also HEC is running on port 8088

dhruv_admin

Hello Team,

I am using a blueprint lambda to process cloudwatch logs to splunk. I have configured HEC url & HEC token in Splunk we UI. Installed splunk in AWS linux server. But while invoking the lambda function getting above error.

HEC URL - http://54.67.83.247:8088/services/collector/raw

Whitelisted the IP in security group of ec2 instance where splunk is installed. Can anyone help me to fix this issue ?

"Error: connect ECONNREFUSED 127.0.0.1:8000"

configuration

installation

troubleshooting

Index This | I’m short for "configuration file.” What am I?

New Articles from Academic Learning Partners, Help Expand Lantern’s Use Case Library, ...

Your Guide to SPL2 at .conf24!