Splunk Enterprise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

missing collector service in HEC services list

Eshwar
Engager
‎09-26-2024 01:13 AM

Hi Splunk Experts,

I had configured HEC and tried to send logs data via OTEL collector but I don't find service for collector. So, kindly suggest how to enable collector service to receive data from OTEL Collector.

Much appreciated for your inputs.

Regards,

Eshwar

0 Karma
Reply

Eshwar
Engager
‎09-27-2024 04:36 AM

Hi @sainag_splunk 

I have reconfigured HEC and I am able to send data to HEC indexer via Post man. Since, I had configured OTEL collector according to HEC but I am not able to see data from OTEL collector. Can you please suggest where went wrong.

Thank you in advance.

Regards,

Eshwar

0 Karma
Reply

sainag_splunk
Splunk Employee
Splunk Employee
‎09-26-2024 10:00 PM

Hello, it should be port 8088 in your script, however UI won't work, for the HEC.

 Try to sending the data to HEC via Postman or curl, if that works, then it should be an issue on the payload data source.

For troubleshooting: use the below search for your hec logs.

index=_introspection component=HttpEventCollector sourcetype=http_event_collector_metrics

index=_internal host=yourhechost ERROR

 

Last thing try to use the services/collector/raw endpoint to test, but keep in mind to use services/collector/event for your json data.

Hope this helps. 

 

0 Karma
Reply

sainag_splunk
Splunk Employee
Splunk Employee
‎09-26-2024 10:34 AM

Did you already try this ? please refer: https://github.com/signalfx/splunk-otel-collector-chart/tree/main?tab=readme-ov-file

helm install my-splunk-otel-collector --set="splunkPlatform.endpoint=https://127.0.0.1:8088/services/collector,splunkPlatform.token=xxxxxx,splunkPlatform.metricsIndex=k8s-metrics,splunkPlatform.index=main,clusterName=my-cluster" splunk-otel-collector-chart/splunk-otel-collector




Reply

Eshwar
Engager
‎09-26-2024 08:57 PM

Hi @sainag_splunk ,

Thank you for your response.

Just for your info I had installed HEX on on-prem not on Kubernetes. I think that command you have shared is for Kubernetes environment.

My goal is to achieve sending log data through Otel collector to HEC end point.

0 Karma
Reply

sainag_splunk
Splunk Employee
Splunk Employee
‎09-26-2024 09:10 PM

If you already have HEC setup with the token, index. You should be good on the splunk indexing side. 

You will need to use HEC exporter.

HEC exporter: https://github.com/open-telemetry/opentelemetry-collector-contrib/blob/main/exporter/splunkhecexport...

Refer:  https://github.com/signalfx/splunk-otel-collector/tree/main/examples/otel-logs-splunk

 

Hope all these links help. 

0 Karma
Reply

Eshwar
Engager
‎09-26-2024 09:29 PM

Hi @sainag_splunk ,

Yes, I had configured with token, index. Below is my configuration in HEC and OTEL exporter.

Eshwar_0-1727410828215.png

Eshwar_2-1727411349373.png

 

Please suggest where went wrong?

Regards,

Eshwar

0 Karma
Reply

Eshwar
Engager
‎09-26-2024 09:42 PM

Hi @sainag_splunk ,

I am trying to open the end point on browser but getting below error.

Eshwar_0-1727412115381.png

Regards,

Eshwar

0 Karma
Reply
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...