
Deployment error during Splunk log forwarding in AEMaaCS

Deployments in Adobe Experience Manager as a Cloud Service (AEMaaCS) fail when configuring Splunk log forwarding due to incorrect endpoint usage or network misconfiguration. The pipeline throws the following error during credential audit validation:

Error in config kind 'LogForwarding': credentials audit job failed for splunk: Error: splunk audit failed: request to the provider Splunk failed due to an unexpected status code: 500 (body {"message": "Internal server error"}), please check credentials | [ credential audit failed]

To resolve the issue, validate endpoint, token, and network configuration settings.

Description

Environment

  • Product: Adobe Experience Manager as a Cloud Service (AEMaaCS) - Sites
  • Instance: Development, Staging, Production

Issue/Symptoms

  • The deployment pipeline fails during Splunk configuration validation due to an incorrect endpoint.
  • The curl command is tested against /services/collector, but AEM as a Cloud Service forwards logs to /services/collector/event and expects a 200 OK response from that endpoint.
  • AEMaaCS throws errors when it cannot access the log-forwarding instance, typically because the Splunk host is not using an open port (80/443) or Advanced Networking (ADVNET) is not configured for custom ports.

Resolution

To resolve the issue, follow these steps:

  1. Verify that the logForwarding.yaml file uses the correct Splunk HEC endpoint. Ensure the host field does not include /services/collector/event, because the pipeline adds it automatically.

  2. Test connectivity to the Splunk HEC endpoint using the following curl command and confirm that the response is successful.

    curl -v https://<Splunk_HEC_Endpoint>/services/collector/event \
         -H "Authorization: Splunk <Your_Token>" \
         -d '{"event": "Test event", "sourcetype": "manual", "index": "<Your_Index>"}'
    
  3. Ensure the Splunk host is accessible on ports 80 or 443 by default, and if using a different port, enable Advanced Networking (ADVNET) to allow traffic on that port.

  4. Add the following configuration to the /config/logForwarding.yaml file in your Git repository after completing all verifications.

    kind: "LogForwarding"
    version: "1"
    metadata:
      envTypes: ["dev"]
    data:
      splunk:
        default:
          enabled: true
          # DO NOT add /services/collector/event in the URL as it's added by Pipeline code
          host: "splunk-host.example.com"
          # The token cannot be set in plain text in the config. Doing so fails with:
          # Error in config kind 'LogForwarding': while validating vendor config: [ token error]  value containing sensitive information cannot be stored in plain text
          token: "${{SPLUNK_TOKEN}}"
          index: "AEMaaCS"
    

    Note: Ensure the host value is set as splunk-host.example.com without including http:// or https:// prefixes.

  5. Commit the updated logForwarding.yaml file to the /config/ directory in your Git repository.

  6. Re-run the deployment pipeline to apply the changes.

  7. Verify that logs are successfully forwarded by checking the AEMaaCS index in your Splunk instance.
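The host and token rules from steps 1 and 4 can be checked before the commit in step 5. The script below is an added example, not Adobe's code: `lint_log_forwarding`, the sample config and the variable-name pattern accepted inside `${{...}}` are assumptions made for illustration.

```python
import re

# Constructed sample containing the mistakes the steps above warn about.
BAD_CONFIG = '''\
kind: "LogForwarding"
version: "1"
metadata:
  envTypes: ["dev"]
data:
  splunk:
    default:
      enabled: true
      host: "https://splunk-host.example.com/services/collector/event"
      token: "constructed-plaintext-token-0000"
      index: "AEMaaCS"
'''

# Assumed shape of a secret reference, based on "${{SPLUNK_TOKEN}}" in step 4.
SECRET_REF = re.compile(r"^\$\{\{\s*[A-Za-z_][A-Za-z0-9_]*\s*\}\}$")


def _value(text, key):
    """Return the scalar for `key:` with quotes and trailing comment removed."""
    m = re.search(rf"^[ \t]*{key}:[ \t]*(.*)$", text, re.MULTILINE)
    if not m:
        return None
    raw = m.group(1).strip()
    quoted = re.match(r'^(["\'])(.*?)\1', raw)
    return quoted.group(2) if quoted else raw.split(" #", 1)[0].strip()


def lint_log_forwarding(text):
    """Return a list of findings; an empty list means the checks passed."""
    findings = []
    host, token = _value(text, "host"), _value(text, "token")
    if not host:
        findings.append("host is missing")
    else:
        if re.match(r"^[a-z][a-z0-9+.-]*://", host, re.IGNORECASE):
            findings.append("host must not include http:// or https://")
        if "/services/collector" in host:
            findings.append("host must not include the /services/collector path")
    if not token:
        findings.append("token is missing")
    elif not SECRET_REF.match(token):
        findings.append("token must be a ${{VARIABLE}} reference, not plain text")
    return findings
```

Running it against config/logForwarding.yaml in a pre-commit hook or a CI step catches these mistakes before the deployment pipeline reaches the credential audit.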

Log Forwarding in the AEMaaCS user guide.
