SC4S Troubleshooting

Accessing container logs

execute for podman

sudo podman logs SC4S

execute for docker/docker compose

sudo docker logs SC4S

Time out error reaching splunk server reported from curl in the docker container logs

• Verify firewalld is enabled and started on the container host
• Verify using curl the token and access to each index

curl -k "https://mysplunkserver.example.com:8088/services/collector"
-H "Authorization: Splunk CF179AE4-3C99-45F5-A7CC-3284AA91CF67"
-d '{"event": "Hello, world!", "index": "main", "sourcetype": "sc4s:test"}'