Hi all 

Did anyone configure MSO to send logs to Splunk?

I'm trying to set up external streaming on MSO. The only supported service is Splunk. 

I have set up HTTP collector and generated the token. 

MSO keeps saying ... either Authentication Error or Upstream server timing out.

I am 100% sure the root credentials are correct .. I can log in to the cli using the same creds. Even though it says Root password for MSO nodes .. I have tried both Root and GUI passwords and no luck.

Not sure if its an issue with the source type for HTTP event collector. I have tried collectd_http and generic_single_line.. but no luck. 

[root@node1 ~]# docker node ls
ID HOSTNAME STATUS AVAILABILITY MANAGER STATUS ENGINE VERSION
cutqwidh54c2o5ju4myvuk8cw * node1 Ready Active Leader 19.03.5
ltdhihvt311v2hjjppu7wcqgj node2 Ready Active Reachable 19.03.5
lujn9binkjibb3e21fptaw4c2 node3 Ready Active Reachable 19.03.5

[root@node1 ~]# docker service ls
ID                  NAME                      MODE                REPLICAS            IMAGE                            PORTS
lbkx3ie2a6k9        msc_auditservice          replicated          1/1                 msc-auditservice:2.2.4e
m19772tbtgnc        msc_authyldapservice      replicated          2/2                 msc-authyldap:v.4.0.6
uk4dy76zeoh7        msc_authytacacsservice    replicated          2/2                 msc-authytacacs:v.4.0.6
iwos02arhdu5        msc_backupservice         global              3/3                 msc-backupservice:2.2.4e
qid5xvr3a9xf        msc_cloudsecservice       replicated          1/1                 msc-cloudsecservice:2.2.4e
rjy11tpggbx0        msc_consistencyservice    replicated          1/1                 msc-consistencyservice:2.2.4e
rg8ao5pz0hmv        msc_endpointservice       replicated          2/2                 msc-endpointservice:2.2.4e
vxbouoge9nv8        msc_executionengine       replicated          1/1                 msc-executionengine:2.2.4e
vtl7cxzntdwi        msc_jobschedulerservice   replicated          1/1                 msc-jobschedulerservice:2.2.4e
ssz70vt189rg        msc_kong                  global              3/3                 msc-kong:2.2.4e
223l8p897s4h        msc_kongdb                replicated          1/1                 msc-postgres:9.4
mm4lh5g1izdi        msc_mongodb1              replicated          1/1                 msc-mongo:3.6.m1
p3q6s3bhli7j        msc_mongodb2              replicated          1/1                 msc-mongo:3.6.m1
0555a5gc92lh        msc_mongodb3              replicated          1/1                 msc-mongo:3.6.m1
gg544bnwdahq        msc_pctagvnidservice      replicated          1/1                 msc-pctagvnidservice:2.2.4e
3158ddxds1sp        msc_platformservice       global              3/3                 msc-platformservice:2.2.4e
yqbyvnco3mjs        msc_policyservice         replicated          1/1                 msc-policyservice:2.2.4e
u09q6i8ud4w4        msc_schemaservice         replicated          2/2                 msc-schemaservice:2.2.4e
qts1kzedhbgh        msc_siteservice           replicated          2/2                 msc-siteservice:2.2.4e
e3kg0p47cx8g        msc_syncengine            replicated          2/2                 msc-syncengine:2.2.4e
ozcj8uxb19bm        msc_ui                    global              3/3                 msc-ui:2.2.4e                    *:443->443/tcp
idhcg4lk03bl        msc_userservice           replicated          2/2                 msc-userservice:2.2.4e
[root@node1 ~]#

Looking for some guidance and help

Thanks