Hi,
We are trying to use the Splunk Mint SDK for Android to send events to an HTTP Event Collector, however we are getting 400 responses. When we inspect the data being sent we are seeing something like '{^1event^:timestamp}
being added between log events. This is causing HTTP 400 responses when we try to send. This string appears to be hardcoded in the Properties.getSeparator function--what is the purpose of this? I feel like I must be doing something wrong but we are following the quickstart and literally just doing something like Mint.logEvent("Button1 pressed");
There's < protocol>://:/services/collector/event for generic events you want to send to HEC
and there's a special < protocol>://:/services/collector/mint for MINT events
The /mint endpoint specifically processes the "{^1event^:timestamp}" object after every event and indexes based on sourcetype/timestamp
You may be getting 400 errors because you are using /event and not /mint or you could have the wrong HEC token
Please review Data Collection Docs and info on HEC token.
There's < protocol>://:/services/collector/event for generic events you want to send to HEC
and there's a special < protocol>://:/services/collector/mint for MINT events
The /mint endpoint specifically processes the "{^1event^:timestamp}" object after every event and indexes based on sourcetype/timestamp
You may be getting 400 errors because you are using /event and not /mint or you could have the wrong HEC token
Please review Data Collection Docs and info on HEC token.
yeah thanks, i figured that out after i posted the question but was waiting for moderation period to update this 🙂 thanks!