- Splunk Answers
- :
- Splunk Administration
- :
- Getting Data In
- :
- Error Connecting to HTTP Event Collector
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Error Connecting to HTTP Event Collector
Hi
I sign up for splunk free cloud trial instance and created the HTTP Event Collector as per link here
Link - http://dev.splunk.com/view/event-collector/SP-CAAAE7F
When I try to call following HEC curl from postman, I am unable to connect and do not get any response
curl -k https://:8088/services/collector -H 'Authorization: Splunk ' -d '{"sourcetype": "mysourcetype", "event":"Hello, World!"}'
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Once you create your Splunk instance, here is the curl command I used that works. I'm assuming that this is your localhost.
curl -k http://localhost:8088/services/collector -H "Authorization:Splunk ENTER YOUR TOKEN VALUE" -d '{"sourcetype": "mysourcetype", "event":"Hello, World!"}'
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
your curl command must contain the hostname or IP address
curl -k https://yourhostname:8088/services/collector ...
or perhaps you can try below curl command:
curl -k -u "userID:TOKEN" "https://your_server_name:8088/services/collector/event" -d '{"event": "Hello, world!"}'
if works well you would see below response
{"text":"Success","code":0}
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
also I believe the path is a bit different for splunk cloud:
When creating requests to Splunk Cloud, you must add a prefix to the URI of the hostname according to your subscription. For self-service Splunk Cloud plans, pre-pend the hostname with input-. For all other Splunk Cloud plans, pre-pend the hostname with http-inputs-. In the previous example, the cURL statement would look like the following for self-service Splunk Cloud instances:
curl -k https://input-:8088/services/collector -H 'Authorization: Splunk ' -d '{"event":"Hello, World!"}'
And for all other Splunk Cloud instances:
curl -k https://http-inputs-:8088/services/collector -H 'Authorization: Splunk ' -d '{"event":"Hello, World!"}'
.conf24 | Registration Open!
ICYMI - Check out the latest releases of Splunk Edge Processor
Introducing the 2024 SplunkTrust!
