Splunk Enterprise
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

missing collector service in HEC services list

Eshwar
Engager
‎09-26-2024 01:13 AM

Hi Splunk Experts,

I had configured HEC and tried to send logs data via OTEL collector but I don't find service for collector. So, kindly suggest how to enable collector service to receive data from OTEL Collector.

Much appreciated for your inputs.

Regards,

Eshwar

0 Karma
Reply

Eshwar
Engager
‎09-27-2024 04:36 AM

Hi @sainag_splunk 

I have reconfigured HEC and I am able to send data to HEC indexer via Post man. Since, I had configured OTEL collector according to HEC but I am not able to see data from OTEL collector. Can you please suggest where went wrong.

Thank you in advance.

Regards,

Eshwar

0 Karma
Reply

sainag_splunk
Splunk Employee
Splunk Employee
‎09-26-2024 10:00 PM

Hello, it should be port 8088 in your script, however UI won't work, for the HEC.

 Try to sending the data to HEC via Postman or curl, if that works, then it should be an issue on the payload data source.

For troubleshooting: use the below search for your hec logs.

index=_introspection component=HttpEventCollector sourcetype=http_event_collector_metrics

index=_internal host=yourhechost ERROR

 

Last thing try to use the services/collector/raw endpoint to test, but keep in mind to use services/collector/event for your json data.

Hope this helps. 

 

If this helps, Upvote!!!!
Together we make the Splunk Community stronger 
0 Karma
Reply

sainag_splunk
Splunk Employee
Splunk Employee
‎09-26-2024 10:34 AM

Did you already try this ? please refer: https://github.com/signalfx/splunk-otel-collector-chart/tree/main?tab=readme-ov-file

helm install my-splunk-otel-collector --set="splunkPlatform.endpoint=https://127.0.0.1:8088/services/collector,splunkPlatform.token=xxxxxx,splunkPlatform.metricsIndex=k8s-metrics,splunkPlatform.index=main,clusterName=my-cluster" splunk-otel-collector-chart/splunk-otel-collector




If this helps, Upvote!!!!
Together we make the Splunk Community stronger 
Reply

Eshwar
Engager
‎09-26-2024 08:57 PM

Hi @sainag_splunk ,

Thank you for your response.

Just for your info I had installed HEX on on-prem not on Kubernetes. I think that command you have shared is for Kubernetes environment.

My goal is to achieve sending log data through Otel collector to HEC end point.

0 Karma
Reply

sainag_splunk
Splunk Employee
Splunk Employee
‎09-26-2024 09:10 PM

If you already have HEC setup with the token, index. You should be good on the splunk indexing side. 

You will need to use HEC exporter.

HEC exporter: https://github.com/open-telemetry/opentelemetry-collector-contrib/blob/main/exporter/splunkhecexport...

Refer:  https://github.com/signalfx/splunk-otel-collector/tree/main/examples/otel-logs-splunk

 

Hope all these links help. 

If this helps, Upvote!!!!
Together we make the Splunk Community stronger 
0 Karma
Reply

Eshwar
Engager
‎09-26-2024 09:29 PM

Hi @sainag_splunk ,

Yes, I had configured with token, index. Below is my configuration in HEC and OTEL exporter.

Eshwar_0-1727410828215.png

Eshwar_2-1727411349373.png

 

Please suggest where went wrong?

Regards,

Eshwar

0 Karma
Reply

Eshwar
Engager
‎09-26-2024 09:42 PM

Hi @sainag_splunk ,

I am trying to open the end point on browser but getting below error.

Eshwar_0-1727412115381.png

Regards,

Eshwar

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey
Get Updates on the Splunk Community!

Tech Talk Recap | Mastering Threat Hunting

Mastering Threat HuntingDive into the world of threat hunting, exploring the key differences between ...

Observability for AI Applications: Troubleshooting Latency

If you’re working with proprietary company data, you’re probably going to have a locally hosted LLM or many ...

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?

In the age of AI, every tool promises to make our lives easier. From summarizing content to writing code, ...