Solved: HTTP Event Collector SSL problem

DMohn · ‎06-11-2019

Hi all,

I am trying to send events to HEC locally via CLI and keep getting a SSL error. I have looked up several docs, but I have not yet found the solution to it. My problem is like this:

Command:
curl -vvv -k -H "Authorization: Splunk my-hec-token" https://mysplunkhost:8088/services/collector/event -d '{ [aWholeLotOfJSONformattedData] }'

Return is:

* Hostname was NOT found in DNS cache
*   Trying xx.xx.xx.xx...
* Connected to mysplunkhost (xx.xx.xx.xx) port 8088 (#0)
* successfully set certificate verify locations:
*   CAfile: none
  CApath: /etc/ssl/certs/
* SSLv3, TLS unknown, Certificate Status (22):
* SSLv3, TLS handshake, Client hello (1):
* error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol
* Closing connection 0
curl: (35) error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol

Any advise on where I can fix this?

DMohn · ‎06-11-2019

Found the solution by myself, after a while.

If you don't enable SSL in the http input setting, Splunk won't accept https calls 🙂

So be aware of that!

View solution in original post

DMohn · ‎06-11-2019

Found the solution by myself, after a while.

If you don't enable SSL in the http input setting, Splunk won't accept https calls 🙂

So be aware of that!

HTTP Event Collector SSL problem

Announcing Scheduled Export GA for Dashboard Studio

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics GA in US-AWS!