Expand my Community achievements bar.

Submissions are now open for the 2026 Adobe Experience Maker Awards.
Apply Now
SOLVED

AEM to Splunk HEC - Event not showing up in Splunk

Avatar

Level 2
Level 2
8/14/25 7:00:41 PM

Hi team,

 

I am trying to send logs from my AEM as a Cloud Service custom service to Splunk using HTTP Event Collector. The call returns 200 OK, but nothing appears in Splunk search.

Here’s the code snippet:

 

JSONObject event = new JSONObject();
event.put("event", message);

HttpURLConnection conn = (HttpURLConnection) new URL(SPLUNK_HEC_URL).openConnection();
conn.setDoOutput(true);
conn.setRequestMethod("POST");
conn.setRequestProperty("Authorization", "Splunk " + SPLUNK_TOKEN);
conn.setRequestProperty("Content-Type", "application/json");

OutputStream os = conn.getOutputStream();
os.write(event.toString().getBytes(StandardCharsets.UTF_8));
os.flush();
os.close();

log.info("Response Code: {}", conn.getResponseCode());

 

Is there anything I am missing in request that’s preventing the event from showing in Splunk?

Views

195

Replies

2
Sign in to like this content

Total Likes

Translate
Translate
1 Accepted Solution

Avatar

Correct answer by
Community Advisor
Community Advisor
8/14/25 7:32:15 PM

Hi @Vishal_Kagde,

Looks like, your JSON payload is too minimal. Splunk HEC expects an event field plus metadata like time, host and sourcetype. Even with 200 OK, missing these can prevent indexing.

Can you try this if it works:

JSONObject payload = new JSONObject();
payload.put("time", System.currentTimeMillis() / 1000);
payload.put("host", "aem-service");
payload.put("sourcetype", "_json");

JSONObject event = new JSONObject();
event.put("message", message);
payload.put("event", event);

 Reference: https://docs.splunk.com/Documentation/Splunk/9.4.2/Data/UsetheHTTPEventCollector#Event_metadata


Santosh Sai

AEM BlogsLinkedIn


View solution in original post

Views

184

Replies

1
Sign in to like this content

Total Likes

Translate
Translate
Jump to reply
2 Replies

Avatar

Correct answer by
Community Advisor
Community Advisor
8/14/25 7:32:15 PM

Hi @Vishal_Kagde,

Looks like, your JSON payload is too minimal. Splunk HEC expects an event field plus metadata like time, host and sourcetype. Even with 200 OK, missing these can prevent indexing.

Can you try this if it works:

JSONObject payload = new JSONObject();
payload.put("time", System.currentTimeMillis() / 1000);
payload.put("host", "aem-service");
payload.put("sourcetype", "_json");

JSONObject event = new JSONObject();
event.put("message", message);
payload.put("event", event);

 Reference: https://docs.splunk.com/Documentation/Splunk/9.4.2/Data/UsetheHTTPEventCollector#Event_metadata


Santosh Sai

AEM BlogsLinkedIn


Views

185

Replies

1
Sign in to like this content

Total Likes

Translate
Translate
Jump to reply

Avatar

Level 2
Level 2
8/15/25 6:19:26 AM
In response to SantoshSai

@SantoshSai Thaat worked, thanks!

Views

159

Replies

0
Sign in to like this content

Total Likes

Translate
Translate
Related Conversations
associate multilingual Content Fragments in AEM Solved

Views

491

Likes

0

Replies

1
help understand the effects of an Apache RewriteRule to the request object

Views

44

Likes

0

Replies

2
How to prevent AEM from adding meta tag "keywords"?

Views

555

Likes

0

Replies

3
AMS Sling models not instantiated in AEMaaCS

Views

417

Like

1

Replies

6
is it possible to do a redirect from a Sling Model?

Views

349

Likes

0

Replies

1