Splunk Enterprise
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

missing collector service in HEC services list

Eshwar
Engager
‎09-26-2024 01:13 AM

Hi Splunk Experts,

I had configured HEC and tried to send logs data via OTEL collector but I don't find service for collector. So, kindly suggest how to enable collector service to receive data from OTEL Collector.

Much appreciated for your inputs.

Regards,

Eshwar

0 Karma
Reply

Eshwar
Engager
‎09-27-2024 04:36 AM

Hi @sainag_splunk 

I have reconfigured HEC and I am able to send data to HEC indexer via Post man. Since, I had configured OTEL collector according to HEC but I am not able to see data from OTEL collector. Can you please suggest where went wrong.

Thank you in advance.

Regards,

Eshwar

0 Karma
Reply

sainag_splunk
Splunk Employee
Splunk Employee
‎09-26-2024 10:00 PM

Hello, it should be port 8088 in your script, however UI won't work, for the HEC.

 Try to sending the data to HEC via Postman or curl, if that works, then it should be an issue on the payload data source.

For troubleshooting: use the below search for your hec logs.

index=_introspection component=HttpEventCollector sourcetype=http_event_collector_metrics

index=_internal host=yourhechost ERROR

 

Last thing try to use the services/collector/raw endpoint to test, but keep in mind to use services/collector/event for your json data.

Hope this helps. 

 

0 Karma
Reply

sainag_splunk
Splunk Employee
Splunk Employee
‎09-26-2024 10:34 AM

Did you already try this ? please refer: https://github.com/signalfx/splunk-otel-collector-chart/tree/main?tab=readme-ov-file

helm install my-splunk-otel-collector --set="splunkPlatform.endpoint=https://127.0.0.1:8088/services/collector,splunkPlatform.token=xxxxxx,splunkPlatform.metricsIndex=k8s-metrics,splunkPlatform.index=main,clusterName=my-cluster" splunk-otel-collector-chart/splunk-otel-collector




Reply

Eshwar
Engager
‎09-26-2024 08:57 PM

Hi @sainag_splunk ,

Thank you for your response.

Just for your info I had installed HEX on on-prem not on Kubernetes. I think that command you have shared is for Kubernetes environment.

My goal is to achieve sending log data through Otel collector to HEC end point.

0 Karma
Reply

sainag_splunk
Splunk Employee
Splunk Employee
‎09-26-2024 09:10 PM

If you already have HEC setup with the token, index. You should be good on the splunk indexing side. 

You will need to use HEC exporter.

HEC exporter: https://github.com/open-telemetry/opentelemetry-collector-contrib/blob/main/exporter/splunkhecexport...

Refer:  https://github.com/signalfx/splunk-otel-collector/tree/main/examples/otel-logs-splunk

 

Hope all these links help. 

0 Karma
Reply

Eshwar
Engager
‎09-26-2024 09:29 PM

Hi @sainag_splunk ,

Yes, I had configured with token, index. Below is my configuration in HEC and OTEL exporter.

Eshwar_0-1727410828215.png

Eshwar_2-1727411349373.png

 

Please suggest where went wrong?

Regards,

Eshwar

0 Karma
Reply

Eshwar
Engager
‎09-26-2024 09:42 PM

Hi @sainag_splunk ,

I am trying to open the end point on browser but getting below error.

Eshwar_0-1727412115381.png

Regards,

Eshwar

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Answers Content Calendar, July Edition I

Hello Community! Welcome to another month of Community Content Calendar series! For the month of July, we will ...

Secure Your Future: Mastering Upgrade Readiness for Splunk 10

Spotlight: The Splunk Health Assistant Add-On  The Splunk Health Assistant Add-On is your ultimate companion ...

Observability Unlocked: Kubernetes & Cloud Monitoring with Splunk IM

Ready to master Kubernetes and cloud monitoring like the pros? Join Splunk’s Growth Engineering team on ...