All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Splunk DB Connect 3: How to find out if the HTTP Event Collector is using a port that is already in use?

hsesterhenn_spl
Splunk Employee
Splunk Employee
‎03-08-2017 07:02 AM

Hi,

with the new Splunk DB Connect 3, we use the Splunk HTTP Event Collector (HEC) to get the data.

If there is no data ingested, how to find out if the HTTP Event Collector tries to use a port (8088 by default) which is already in use?

I can't see any message in _internal to find out that HEC is running or tries to bind to a specific port.

How to troubleshoot?

Thanks,

Holger

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

hsesterhenn_spl
Splunk Employee
Splunk Employee
‎03-22-2017 04:01 AM

Hi,

with DBX 3 we now use a local HEC as mentioned by @jcoates.

If you have trouble receiving data from DBX3, search the internal index for 

03-08-2017 14:30:57.167 +0000 FATAL HTTPServer - Could not bind to port 8088

Netstat et al are good ideas, too.

HTH,

Holger

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

hsesterhenn_spl
Splunk Employee
Splunk Employee
‎03-22-2017 04:01 AM

Hi,

with DBX 3 we now use a local HEC as mentioned by @jcoates.

If you have trouble receiving data from DBX3, search the internal index for 

03-08-2017 14:30:57.167 +0000 FATAL HTTPServer - Could not bind to port 8088

Netstat et al are good ideas, too.

HTH,

Holger

0 Karma
Reply
Solved! Jump to solution

gjanders
SplunkTrust
SplunkTrust
‎03-16-2017 08:53 PM

Your question refers to an unrelated technology (DBConnect) for the HTTP event collector, assuming your on Linux and you are either root or the user running Splunk, you could do:
netstat -anp | grep 8088

And ensure that you see the Splunk process using the port number.
You might also see the port 8088 in your metrics.log file of your Splunk server receiving the traffic if there is data coming through...

-
Alerts for Splunk Admins, Version Control for Splunk, Decrypt2 VersionControl For SplunkCloud
0 Karma
Reply
Solved! Jump to solution

jcoates_splunk
Splunk Employee
Splunk Employee
‎03-20-2017 01:21 PM

DB Connect v3 uses a local HEC to push data into Splunk. Otherwise, this is correct advice. I also suggest the index=_internal logs, perhaps a search for error and port would be helpful.

0 Karma
Reply
Solved! Jump to solution

gjanders
SplunkTrust
SplunkTrust
‎03-20-2017 04:28 PM

Interesting, it would be great if the documentation mentions this, I'm not sure if I missed a mention of this in the newer DB connect v3 documentation...

-
Alerts for Splunk Admins, Version Control for Splunk, Decrypt2 VersionControl For SplunkCloud
0 Karma
Reply
Solved! Jump to solution

jagadeeshm
Contributor
‎03-16-2017 07:00 PM

Splunk DB Connect is an app to configure inputs for getting data from a database. How is that related to HEC?
HEC is a convenient REST end-point to post data into Splunk.

0 Karma
Reply
Solved! Jump to solution

jcoates_splunk
Splunk Employee
Splunk Employee
‎03-20-2017 01:20 PM

DB Connect v3 uses a local HEC to push data into Splunk

0 Karma
Reply
Get Updates on the Splunk Community!

Introducing the 2024 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...

Introducing the 2024 Splunk MVPs!

We are excited to announce the 2024 cohort of the Splunk MVP program. Splunk MVPs are passionate members of ...

Splunk Custom Visualizations App End of Life

The Splunk Custom Visualizations apps End of Life for SimpleXML will reach end of support on Dec 21, 2024, ...