Dashboards & Visualizations
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

HEC {"text":"Token is required","code":2}

jadengoho
Builder
‎03-18-2018 08:00 PM

I have an HEC in my localhost apparently I cant send a message to it using this command

curl -k https://localhost:8088/services/collector/event -H 'Authorization: Splunk be6e9136-cf55-4ace-9770-51626303d2e2' -d"{\"event\": \"hello $HOSTNAME\"}"

curl -k -u "x:be6e9136-cf55-4ace-9770-51626303d2e2" https://localhost:8088/services/collector -d '{"sourcetype": "trialHEC", "event":"Hello, World!"}'

they come back with :
{"text":"Token is required","code":2}
curl: (6) Could not resolve host: be6e9136-cf55-4ace-9770-51626303d2e2

I am running the latest Splunk, just want to know why I cant sent a successful command?

Tags (1)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

jadengoho
Builder
‎03-18-2018 10:42 PM

I finally solve it ,
There are difference between Windows and Linux syntax

i do solve this by
changing single quote (') with double quotes("" ) and escaping the inner double quotes("") into (\"")

windows :
curl -k https://localhost:8088/services/collector -H "Authorization:Splunk be6e9136-cf55-4ace-9770-51626303d2e2" -d "{\"sourcetype\":\"trialHEC\", \"event\":\"Hello,World!\"}"

Nix*:

curl -k https://localhost:8088/services/collector -H 'Authorization':'Splunk be6e9136-cf55-4ace-9770-51626303d2e2' -d '{"sourcetype":"trialHEC", "event":"Hello,World!"}'

View solution in original post

Reply
Solved! Jump to solution
Solution

jadengoho
Builder
‎03-18-2018 10:42 PM

I finally solve it ,
There are difference between Windows and Linux syntax

i do solve this by
changing single quote (') with double quotes("" ) and escaping the inner double quotes("") into (\"")

windows :
curl -k https://localhost:8088/services/collector -H "Authorization:Splunk be6e9136-cf55-4ace-9770-51626303d2e2" -d "{\"sourcetype\":\"trialHEC\", \"event\":\"Hello,World!\"}"

Nix*:

curl -k https://localhost:8088/services/collector -H 'Authorization':'Splunk be6e9136-cf55-4ace-9770-51626303d2e2' -d '{"sourcetype":"trialHEC", "event":"Hello,World!"}'

Reply
Solved! Jump to solution

niketn
Legend
‎03-18-2018 11:15 PM

@jadengoho, glad you figured it out. The same has been called out in Splunk Docs and Splunk Dev

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"
0 Karma
Reply
Solved! Jump to solution

jadengoho
Builder
‎03-18-2018 11:17 PM

yes but i don't see it on first , HAHAHAHAH

0 Karma
Reply
Get Updates on the Splunk Community!

Updated Team Landing Page in Splunk Observability

We’re making some changes to the team landing page in Splunk Observability, based on your feedback. The ...

New! Splunk Observability Search Enhancements for Splunk APM Services/Traces and ...

Regardless of where you are in Splunk Observability, you can search for relevant APM targets including service ...

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

The Transformative Power of AI and ML in Enhancing Observability   In the realm of IT operations, the ...