Which inbound/outbound ports should be opened to send data to HTTP Event Collector?

mark-jones
Explorer

Hello,

I understand that the HTTP Event Collector receives data over HTTPS on TCP port 8088 by default.

What I am wondering is: if I have virtual machines running in the Azure cloud, do I need to open both inbound and outbound port 8088 in the Azure portal firewall settings?

Also, I was hoping to disable HTTPS by clicking on the Global Settings button at the top of the HTTP Event Collector management page in Splunk Cloud, but I see that it's greyed out. I am in the admin role, so is this changeable?

0 Karma

scelikok
SplunkTrust

Hi @mark-jones,

You can try the -k option to disable the certificate check:

curl -k https://prd-p-dfnly.splunkcloud.com:8088/services/collector/event -H "Authorization: Splunk d44e106b-####-####-####-e7a44409e65c" -d "{\"event\": \"hello world\"}"
If this reply helps you, an upvote and "Accept as Solution" is appreciated.
0 Karma
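
An added example, not part of the thread or of Splunk's documentation: one way to keep certificate verification on for the HEC request by trusting the endpoint's CA explicitly with `--cacert`, since `-k` sends the HEC token to a server whose identity was never checked. The variable names `HEC_HOST`, `HEC_PORT`, `HEC_TOKEN` and `EXPECTED_FP` and the file `hec-ca.pem` are hypothetical. It assumes the self-signed certificate is the last one the server sends and that the expected fingerprint was obtained over a trusted channel.

```shell
# Added example, not from the thread: pin the CA for the HEC endpoint instead of using -k.
# Keep only the PEM blocks from `openssl s_client -showcerts` output (stdin).
pem_blocks() {
    sed -n '/^-----BEGIN CERTIFICATE-----/,/^-----END CERTIFICATE-----/p'
}

# Keep the last PEM block of a stream: the top of the chain as the server sent it.
last_pem() {
    awk '/^-----BEGIN CERTIFICATE-----/ { buf = "" } { buf = buf $0 "\n" }
         END { printf "%s", buf }'
}

# fetch_ca HOST PORT OUTFILE: save the last certificate the server presents.
fetch_ca() {
    openssl s_client -showcerts -servername "$1" -connect "$1:$2" \
        </dev/null 2>/dev/null | pem_blocks | last_pem >"$3"
}

# ca_fingerprint FILE: SHA-256 fingerprint as colon-separated hex.
ca_fingerprint() {
    openssl x509 -noout -fingerprint -sha256 -in "$1" | cut -d= -f2
}

# hec_send URL TOKEN CAFILE JSON: post one event, verifying the server against CAFILE.
hec_send() {
    curl --silent --show-error --fail --cacert "$3" \
        -H "Authorization: Splunk $2" -d "$4" "$1"
}

# Constructed s_client-style output for offline checks (placeholders, not real certificates).
SAMPLE=' 0 s:CN = hec.example.test
-----BEGIN CERTIFICATE-----
LEAF-PLACEHOLDER
-----END CERTIFICATE-----
 1 s:CN = Example Root CA
-----BEGIN CERTIFICATE-----
ROOT-PLACEHOLDER
-----END CERTIFICATE-----
---'

# Runs only when all three variables are set, so the functions can be sourced offline.
if [ -n "${HEC_HOST:-}" ] && [ -n "${HEC_TOKEN:-}" ] && [ -n "${EXPECTED_FP:-}" ]; then
    port="${HEC_PORT:-8088}"
    fetch_ca "$HEC_HOST" "$port" hec-ca.pem
    # EXPECTED_FP must come from a trusted channel, not from this connection.
    [ "$(ca_fingerprint hec-ca.pem)" = "$EXPECTED_FP" ] ||
        { echo "CA fingerprint mismatch, not sending the token" >&2; exit 1; }
    hec_send "https://$HEC_HOST:$port/services/collector/event" "$HEC_TOKEN" hec-ca.pem '{"event": "hello world"}'
fi
```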

scelikok
SplunkTrust

Hi @mark-jones,

If you are using trial Splunk Cloud, the HEC port is 8088, but on production it is 443.

If you will collect data from virtual machines running on Azure, only outbound firewall rules will be enough. The connection is normal HTTP requests; that is why only one direction is enough.

Splunk Cloud does not allow changing HEC global settings.

If this reply helps you, an upvote and "Accept as Solution" is appreciated.
0 Karma

mark-jones
Explorer

Hi scelikok

Thank you for the info.  

If the trial Splunk Cloud does not allow changing the global settings to disable HTTPS, then I am now running into an issue with the following error message when trying to perform a simple curl command to test sending data to the indexer.

curl https://prd-p-dfnly.splunkcloud.com:8088/services/collector/event -H "Authorization: Splunk d44e106b-####-####-####-e7a44409e65c" -d "{\"event\": \"hello world\"}\" {\"text\": \"Success\", \"code\": \"0}"
curl: (60) SSL certificate problem: self signed certificate in certificate chain
More details here: https://curl.haxx.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.

I verified the outbound ports are open and was able to ping prd-p-dfnly.splunkcloud.com:8088.

0 Karma