All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Splunk MINT SDK for Android: Why is sending events to an HTTP Event Collector resulting in errors?

rcho
Engager
‎11-08-2016 03:01 PM

Hi,

We are trying to use the Splunk Mint SDK for Android to send events to an HTTP Event Collector, however we are getting 400 responses. When we inspect the data being sent we are seeing something like '{^1event^:timestamp} being added between log events. This is causing HTTP 400 responses when we try to send. This string appears to be hardcoded in the Properties.getSeparator function--what is the purpose of this? I feel like I must be doing something wrong but we are following the quickstart and literally just doing something like Mint.logEvent("Button1 pressed");

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

croyal_splunk
Splunk Employee
Splunk Employee
‎11-09-2016 09:53 AM

There's < protocol>://:/services/collector/event for generic events you want to send to HEC
and there's a special < protocol>://:/services/collector/mint for MINT events

The /mint endpoint specifically processes the "{^1event^:timestamp}" object after every event and indexes based on sourcetype/timestamp

You may be getting 400 errors because you are using /event and not /mint or you could have the wrong HEC token

Please review Data Collection Docs and info on HEC token.

View solution in original post

Reply
Solved! Jump to solution
Solution

croyal_splunk
Splunk Employee
Splunk Employee
‎11-09-2016 09:53 AM

There's < protocol>://:/services/collector/event for generic events you want to send to HEC
and there's a special < protocol>://:/services/collector/mint for MINT events

The /mint endpoint specifically processes the "{^1event^:timestamp}" object after every event and indexes based on sourcetype/timestamp

You may be getting 400 errors because you are using /event and not /mint or you could have the wrong HEC token

Please review Data Collection Docs and info on HEC token.

Reply
Solved! Jump to solution

rcho
Engager
‎11-09-2016 09:55 AM

yeah thanks, i figured that out after i posted the question but was waiting for moderation period to update this 🙂 thanks!

Reply
Get Updates on the Splunk Community!

Join Us for Splunk University and Get Your Bootcamp Game On!

If you know, you know! Splunk University is the vibe this summer so register today for bootcamps galore ...

.conf24 | Learning Tracks for Security, Observability, Platform, and Developers!

.conf24 is taking place at The Venetian in Las Vegas from June 11 - 14. Continue reading to learn about the ...

Announcing Scheduled Export GA for Dashboard Studio

We're excited to announce the general availability of Scheduled Export for Dashboard Studio. Starting in ...