Getting Data In

Error Connecting to HTTP Event Collector

jinesh_thakkar
New Member

Hi

I sign up for splunk free cloud trial instance and created the HTTP Event Collector as per link here

Link - http://dev.splunk.com/view/event-collector/SP-CAAAE7F

When I try to call following HEC curl from postman, I am unable to connect and do not get any response

curl -k https://:8088/services/collector -H 'Authorization: Splunk ' -d '{"sourcetype": "mysourcetype", "event":"Hello, World!"}'

0 Karma

vkannampuzha
Explorer

Once you create your Splunk instance, here is the curl command I used that works. I'm assuming that this is your localhost.

curl -k http://localhost:8088/services/collector -H "Authorization:Splunk ENTER YOUR TOKEN VALUE" -d '{"sourcetype": "mysourcetype", "event":"Hello, World!"}'

0 Karma

preotesoiu
Path Finder

your curl command must contain the hostname or IP address
curl -k https://yourhostname:8088/services/collector ...

or perhaps you can try below curl command:
curl -k -u "userID:TOKEN" "https://your_server_name:8088/services/collector/event" -d '{"event": "Hello, world!"}'
if works well you would see below response
{"text":"Success","code":0}

0 Karma

preotesoiu
Path Finder

also I believe the path is a bit different for splunk cloud:

When creating requests to Splunk Cloud, you must add a prefix to the URI of the hostname according to your subscription. For self-service Splunk Cloud plans, pre-pend the hostname with input-. For all other Splunk Cloud plans, pre-pend the hostname with http-inputs-. In the previous example, the cURL statement would look like the following for self-service Splunk Cloud instances:
curl -k https://input-:8088/services/collector -H 'Authorization: Splunk ' -d '{"event":"Hello, World!"}'

And for all other Splunk Cloud instances:
curl -k https://http-inputs-:8088/services/collector -H 'Authorization: Splunk ' -d '{"event":"Hello, World!"}'

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...