I have an HEC on my localhost, but apparently I can't send a message to it using these commands:
curl -k https://localhost:8088/services/collector/event -H 'Authorization: Splunk be6e9136-cf55-4ace-9770-51626303d2e2' -d"{\"event\": \"hello $HOSTNAME\"}"
curl -k -u "x:be6e9136-cf55-4ace-9770-51626303d2e2" https://localhost:8088/services/collector -d '{"sourcetype": "trialHEC", "event":"Hello, World!"}'
They come back with:
{"text":"Token is required","code":2}
curl: (6) Could not resolve host: be6e9136-cf55-4ace-9770-51626303d2e2
I am running the latest Splunk; I just want to know why I can't send a successful command.
I finally solved it.
There is a difference between Windows and Linux syntax.
I solved this by
changing the single quotes (') to double quotes (") and escaping the inner double quotes (") as (\").
Windows:
curl -k https://localhost:8088/services/collector -H "Authorization:Splunk be6e9136-cf55-4ace-9770-51626303d2e2" -d "{\"sourcetype\":\"trialHEC\", \"event\":\"Hello,World!\"}"
*nix:
curl -k https://localhost:8088/services/collector -H 'Authorization':'Splunk be6e9136-cf55-4ace-9770-51626303d2e2' -d '{"sourcetype":"trialHEC", "event":"Hello,World!"}'
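Why the quoting change matters, as an added illustration that is not part of the original thread: the sketch below splits both command forms with Python's `shlex`, once with POSIX rules and once with a simplified model in which only double quotes group words (an approximation of argument splitting at a Windows command prompt, not an exact emulation). The token is a constructed placeholder and the function names are hypothetical.

```python
import json
import shlex

URL = "https://localhost:8088/services/collector"
TOKEN = "00000000-0000-0000-0000-000000000000"  # constructed placeholder, not a real HEC token
# Form from the question: single quotes around the header and the JSON body.
SINGLE_QUOTED = f"""curl -k {URL} -H 'Authorization: Splunk {TOKEN}' -d '{{"sourcetype": "trialHEC", "event":"Hello, World!"}}'"""
# Form from the answer: double quotes outside, inner double quotes escaped.
DOUBLE_QUOTED = (f'curl -k {URL} -H "Authorization:Splunk {TOKEN}" -d '
                 + r'"{\"sourcetype\":\"trialHEC\", \"event\":\"Hello,World!\"}"')

def split_posix(cmdline):
    """Split the way a POSIX shell does: ' and " both group words."""
    return shlex.split(cmdline)

def split_double_quotes_only(cmdline):
    """Assumed simplified model: only " groups words, ' is an ordinary character."""
    lex = shlex.shlex(cmdline, posix=True)
    lex.whitespace_split = True
    lex.commenters = ""
    lex.quotes = '"'
    return list(lex)

def curl_view(argv):
    """Sort argv into -H values, -d values and stray words (curl treats those as URLs)."""
    headers, data, stray = [], [], []
    args = iter(argv[1:])
    for arg in args:
        if arg == "-H":
            headers.append(next(args))
        elif arg == "-d":
            data.append(next(args))
        elif not arg.startswith("-"):
            stray.append(arg)
    return headers, data, stray

def is_valid_request(argv):
    """True when an Authorization header and one JSON object body survive splitting."""
    headers, data, stray = curl_view(argv)
    try:
        body_ok = len(data) == 1 and isinstance(json.loads(data[0]), dict)
    except ValueError:
        body_ok = False
    return body_ok and stray == [URL] and any(h.startswith("Authorization:") for h in headers)

if __name__ == "__main__":
    for name, cmd in (("single-quoted", SINGLE_QUOTED), ("double-quoted", DOUBLE_QUOTED)):
        for split in (split_posix, split_double_quotes_only):
            print(name, split.__name__, is_valid_request(split(cmd)))
```

Under the double-quotes-only model the single-quoted form loses its `Authorization` header and scatters the token and JSON fragments into stray arguments, while the double-quoted form stays intact under both sets of rules.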
@jadengoho, glad you figured it out. The same has been called out in Splunk Docs and Splunk Dev.
Yes, but I didn't see it at first, HAHAHAHAH