Unable to connect to Splunk Cloud using MuleSoft

AmalaHariram · ‎04-08-2016

Hi,

I am trying out a scenario where I need to connect to Splunk Cloud using MuleSoft ESB. I have registered to Splunk Cloud and I am provided with the host (xxxxxxxxx.cloud.splunk.com). But via MuleSoft I am not able to connect. I could not even ping or telnet the host. I am also not aware of the port. I have tried these combination of ports (9997, 8089, 1024, 443, 8000). But none are reachable.

Could anyone help me on this.

Thanks,
Amala

lguinn2 · ‎04-08-2016

First, I have edited your question to remove the actual host name from the post. You really shouldn't expose that information to the general public.

Second, to connect to a Splunk Cloud server, you also need the right certificates and authentication. My guess is that this is the problem.

For a forwarder, there is a special app that provides the authentication that you need. I am not familiar with the Mulesoft ESB, but another alternative is to use the HTTP Event Collector (HEC). In order to use the HEC, you need a security token that must be provided with each event that is submitted.

You will need to get the special app or the security token from your admin team. File a ticket with them.

mragavan · ‎05-31-2019

Hi,

I tried using HEC and configured log4j as mentioned below in Mule. Im getting connection timed out error.

    <Http name="Splunk"
        url="https://*****.com:8088/services/collector/raw">
        <Property name="Authorization" value="*****" />
        <PatternLayout pattern="%-5p %d [%t] %X{correlationId}%c: %m%n" />
    </Http>

2019-05-31 20:37:13,484 Log4j2-TF-7-AsyncLoggerConfig--4 ERROR Unable to send HTTP in appender [Splunk] java.net.ConnectException: Connection timed out: connect

Any idea.

Unable to connect to Splunk Cloud using MuleSoft

Announcing Scheduled Export GA for Dashboard Studio

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!