I've installed the splunk enterprise trial. i've enabled the HEC feature as described here http://dev.splunk.com/view/event-collector/SP-CAAAE7F which enable to send machine data from my app into splunk. I tried to send a POST request using postman to splunk and got no response.
method: POST
url : http://localhost:8088/services/collector
Authorization : my generated token
why there is no response if i already enabled the HEC feature. it seems that no server listen on that port at all
what i don't understand about splunk is - where is my data stored? is data for SPLUNK ENTERPRISE stored only locally and should be in use inside companies LAN network ? or splunk own servers in the cloud that stored all my data? is Splunk Enterprise and Splunk Cloud have differences on that subject?
thank you for your help.
hello, This issue may be due to url.. try http://localhost:8088/services/collector/raw
OR
refer below steps for Splunk Enterprise version :
http://docs.splunk.com/Documentation/SplunkCloud/6.6.3/Data/UsetheHTTPEventCollector
Create an Event Collector token
To use HEC, you must configure at least one token.
Click Settings > Data inputs
Click HTTP Event Collector.
click New Token
Enter name=abc
click next
click Create a new index
Enter Index Name=abc
from dropdown select abc i.e default index =abc
same way select abc from Select Allowed Indexes option
click review
click submit
keep that Token Value with you ..
Enable HTTP Event Collector
Click Settings > Data Inputs.
Click HTTP Event Collector.
Click Global Settings.
click Enabled
then clear all checked boxes and select default index =abc
click save
Now go to Postman :
Select POST method
url : http://localhost:8088/services/collector/raw
select Headers tab : key =Authorization and value = Splunk <your token>
in the body tab : select raw and write your message
click send
Now in the splunk search for : index="abc"