User16681662815109981047 (Customer) asked a question.
Unable to setup and collect Log Streaming events in Splunk Cloud
Hi Team,
I'm facing issues in configuring the Okta Log streaming to my Splunk trail cloud instance. It is getting deactivated after a few seconds with the below error. It seems Okta log streaming updates the host with "http-inputs-<original_host>" and it is not working with the Splunk trail cloud instance.
Can someone please assist here?
It seems Okta is adding an incorrect prefix here. I tried with GCP Edition as well but no luck.
It seems that the HEC ingestion endpoint for my Splunk Cloud is:
"inputs.<original_host>"
Ref: https://docs.splunk.com/Documentation/SplunkCloud/9.0.2209/Admin/TypesofSplunkClouddeployment
Hi @User16681662815109981047 (Customer) , Thank you for reaching out to the Okta Community!
I did a bit of digging and the issue you are describing might be related to a bug slated to be fixed with the Okta release 2023.04.1.
I'm not 100% sure that this is exactly what you are facing, but it does sound like it, so my advice would be to open a support ticket to have this verified, tracked and eventual ETA.
Use ticket number OKTA-597881 as a reference to give my Support colleagues a starting point to look into.
If my answer helped, remember to mark it as best to increase its visibility for other members of the Okta Community who might have the same questions as you.
Hope my answer helps!
--------------------------------
Community members help others by clicking Like or Select as Best on responses. Try it today.