About garrettsdet

garrettsdet · ‎01-22-2021

Hi all! I followed the instructions in the docs for enabling the HTTP Event Collector as well as setting up a Token, but the monitoring dashboard for HEC says I don't have any tokens configured. Has anybody else run into this?

garrettsdet · ‎01-20-2021

Thanks Rich! The search worked and showed a bunch of events for the two files I ingested. I tried a search earlier today of sourcetype=BugReport, but that didn't work. I guess I need to study the search syntax more closely, maybe do some tutorials. Thanks for the help!

garrettsdet · ‎01-20-2021

Hi! I have a local setup where I have splunk Enterprise, and a single universal forwarder monitoring an arbitrary Documents folder: The forwarder is set up to send entire files to splunk with these inputs.conf settings: [batch://C:\Users\Currentuser\Documents\TestSplunk] disabled = 0 sourcetype = BugReport move_policy = sinkhole index = sandbox When I place a text file into this TestSplunk directory, it does disappear, showing that the forwarder had picked it up, and disposed of the file as per the move_policy. However, from Splunk enterprise, I can't seem to see evidence of the file being received. In the splunkd.log belonging to the forwarder, I don't see any message with regards to the file that it detected/sent/deleted. How would I be able to see information about this kind of thing?

Posts	3
Solutions	0
Karma Given	1
Karma Received	0
Member Since	‎01-20-2021

Online Status	Offline
Date Last Visited	‎01-24-2021 03:52 PM

Splunk Enterprise Free trial, HTTP Event Collector...

Debugging universal forwarder sinkhole ingestion

Splunk Enterprise Free trial, HTTP Event Collector...

Re: Debugging universal forwarder sinkhole ingesti...

Debugging universal forwarder sinkhole ingestion