Expand my Community achievements bar.

Submissions are now open for the 2026 Adobe Experience Maker Awards.
Apply Now
SOLVED

AEM Cloud Manager LogForwarding to Splunk Cloud - 404 Error During Credential Audit

Avatar

Level 4
Level 4
6/16/25 2:41:39 PM

I'm trying to configure LogForwarding from AEM Cloud Service to Splunk Cloud but getting a 404 error during the credential audit phase.

Error Message:

 

Error in config kind 'LogForwarding': credentials audit job failed for splunk: Error: splunk audit failed: request to the provider Splunk failed due to an unexpected status code: 404, please check credentials | [credential audit failed]

 

 

Current Configuration:

 

 
yaml
kind: "LogForwarding"
version: "1"
metadata:
  envTypes: ["dev"]
data:
  splunk:
    default:
      enabled: true
      host: "org.splunkcloud.com"
      port: 443
      token: "${{SPLUNK_HEC_TOKEN}}"
      index: "name_aem"
 

 

Splunk HEC Token is valid and enabled 

Index "caat_aem" exists in Splunk
Unsure about correct Splunk Cloud HEC endpoint URL


 

Views

320

Replies

1
Sign in to like this content

Total Likes

Translate
Translate
1 Accepted Solution

Avatar

Correct answer by
Community Advisor
Community Advisor
6/16/25 2:52:55 PM

Hi @georhe6,

It seems Adobe is successfully reaching your Splunk instance, but the endpoint path or token is not being accepted, leading to a 404 Not Found error.

Please double check
1. Correct Splunk cloud HEC host format

For Splunk Cloud, the HEC endpoint host usually looks like:

http-inputs-<your-splunk-instance>.splunkcloud.com

NOT just org.splunkcloud.com

So update:

host: "http-inputs-org.splunkcloud.com"

Replace org with your actual Splunk account prefix.

You can confirm the correct HEC URL from Splunk under:

  • Settings > Data Inputs > HTTP Event Collector > [your token] > look for the full URL.

2. Check HEC token

Ensure:

  • Token is enabled

  • Enable Indexer Acknowledgment is optional but can help with tracking

  • Token has permissions to write to the index you configured (e.g., name_aem)

3. Test Token from Local cURL (Optional)
curl -k https://http-inputs-<your-prefix>.splunkcloud.com:443/services/collector/event \
  -H "Authorization: Splunk <YOUR_TOKEN>" \
  -d '{"event": "test event from Adobe"}'

You should get a {"text":"Success","code":0} response.

Updated working example

kind: "LogForwarding"
version: "1"
metadata:
  envTypes: ["dev"]
data:
  splunk:
    default:
      enabled: true
      host: "http-inputs-org.splunkcloud.com"
      port: 443
      token: "${{SPLUNK_HEC_TOKEN}}"
      index: "name_aem"

Replace "http-inputs-org.splunkcloud.com" with your actual Splunk Cloud endpoint prefix.


Santosh Sai

AEM BlogsLinkedIn


View solution in original post

Views

313

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Jump to reply
1 Reply

Avatar

Correct answer by
Community Advisor
Community Advisor
6/16/25 2:52:55 PM

Hi @georhe6,

It seems Adobe is successfully reaching your Splunk instance, but the endpoint path or token is not being accepted, leading to a 404 Not Found error.

Please double check
1. Correct Splunk cloud HEC host format

For Splunk Cloud, the HEC endpoint host usually looks like:

http-inputs-<your-splunk-instance>.splunkcloud.com

NOT just org.splunkcloud.com

So update:

host: "http-inputs-org.splunkcloud.com"

Replace org with your actual Splunk account prefix.

You can confirm the correct HEC URL from Splunk under:

  • Settings > Data Inputs > HTTP Event Collector > [your token] > look for the full URL.

2. Check HEC token

Ensure:

  • Token is enabled

  • Enable Indexer Acknowledgment is optional but can help with tracking

  • Token has permissions to write to the index you configured (e.g., name_aem)

3. Test Token from Local cURL (Optional)
curl -k https://http-inputs-<your-prefix>.splunkcloud.com:443/services/collector/event \
  -H "Authorization: Splunk <YOUR_TOKEN>" \
  -d '{"event": "test event from Adobe"}'

You should get a {"text":"Success","code":0} response.

Updated working example

kind: "LogForwarding"
version: "1"
metadata:
  envTypes: ["dev"]
data:
  splunk:
    default:
      enabled: true
      host: "http-inputs-org.splunkcloud.com"
      port: 443
      token: "${{SPLUNK_HEC_TOKEN}}"
      index: "name_aem"

Replace "http-inputs-org.splunkcloud.com" with your actual Splunk Cloud endpoint prefix.


Santosh Sai

AEM BlogsLinkedIn


Views

314

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Jump to reply
Related Conversations
How to find paginated list of all users who belongs to the given group Solved

Views

78

Likes

2

Replies

4
Without using CRXDE Lite, and just the AEM Authoring interface, can you move multiple (100+) pages from one node to another?

Views

9

Likes

0

Replies

0
AEM Dispatcher eviction

Views

21

Likes

0

Replies

0
ACS AEM Tools CSV Assets IMporter

Views

102

Likes

0

Replies

2
How to sync the metadata from AEM cloud service DAM to new experience manager assets interface.

Views

176

Likes

0

Replies

2