Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- About tdepuy
tdepuy
Path Finder
Member since:
10-09-2014
06-05-2020
Community Statistics
| Posts | 21 |
| Solutions | 1 |
| Karma Given | 18 |
| Karma Received | 9 |
| Member Since | 10-09-2014 |
Activity Feed
- Got Karma for Re: HTTP Event Collector: Why am I getting error "The requested URL was not found on this server."?. 10-31-2022 11:40 AM
- Karma Re: How to convert JSON array of Name/Value pairs to field/value for event for dubiza. 06-05-2020 12:49 AM
- Karma Re: How to convert JSON array of Name/Value pairs to field/value for event for javiergn. 06-05-2020 12:49 AM
- Karma Re: How to convert JSON array of Name/Value pairs to field/value for event for javiergn. 06-05-2020 12:49 AM
- Karma HTTP event collector 404 error for evanwyk11. 06-05-2020 12:48 AM
- Karma What is the correct URL to set up HTTP Event Collector on Spunk Cloud? for JosIJntema. 06-05-2020 12:48 AM
- Got Karma for Re: What is the correct URL to set up HTTP Event Collector on Spunk Cloud?. 06-05-2020 12:48 AM
- Got Karma for Re: What is the correct URL to set up HTTP Event Collector on Spunk Cloud?. 06-05-2020 12:48 AM
- Got Karma for Re: What is the correct URL to set up HTTP Event Collector on Spunk Cloud?. 06-05-2020 12:48 AM
- Got Karma for Re: HEC url fro cloud instance. 06-05-2020 12:48 AM
- Karma Re: HTTP Event Collector: Why am I getting error "The requested URL was not found on this server."? for JamesGillies. 06-05-2020 12:47 AM
- Karma HTTP Event Collector: Why am I getting error "The requested URL was not found on this server."? for JamesGillies. 06-05-2020 12:47 AM
- Karma Re: Splunk Cloud Trial and Http Event Collector - NOT WORKING for emasyakin. 06-05-2020 12:47 AM
- Karma Re: how to split the json array into multiple new events for prokopowicz. 06-05-2020 12:46 AM
- Karma how to split the json array into multiple new events for wood1986. 06-05-2020 12:46 AM
- Karma Re: Fill in 0 for timechart with missing values for gf13579. 06-05-2020 12:46 AM
- Karma Fill in 0 for timechart with missing values for the_wolverine. 06-05-2020 12:46 AM
- Karma Setup screen with credentials and multiple endpoints for andrew_garvin. 06-05-2020 12:46 AM
- Karma Re: How to count number of events in a search result? for gfuente. 06-05-2020 12:46 AM
- Karma How to count number of events in a search result? for echojacques. 06-05-2020 12:46 AM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 0 |
04-20-2020
09:15 PM
1 Karma
This post is the first search result on google, so I'm reviving it. I kept getting this error when making a curl command from the box itself:
root@splunk:/opt/splunk/bin# curl http://localhost:8088/services/collector/event/ -H "Authorization: Splunk $TOKEN" -d '{
"event": { "stuff": "value" } }'
{"text":"The requested URL was not found on this server.","code":404}
Well, after reading ALL the posts, I tracked it down to the extra "/" on the end, so this works:
root@splunk:/opt/splunk/bin# curl http://localhost:8088/services/collector/event -H "Authorization: Splunk $TOKEN" -d '{
"event": { "stuff": "value" } }'
{"text":"Success","code":0}
root@splunk:/opt/splunk/bin#
I have verified my wall is very sturdy. Or at least it was yesterday.
... View more
04-07-2020
11:12 AM
Hi!
That's not good. The error indicates the underlying python code can't resolve the address of the url. So this means the machine doesn't know about the xmatters.com domain, or the url is somehow mis-configured. Can you double (triple?) check the "Inbound Integration URL" in the xMatters App configuration page. You can see a screen shot on this page, in the "How to install the xMatters integration in Splunk" section:
https://help.xmatters.com/integrations/logmgmt/splunk.htm?cshid=Splunk
The url in that field should be the url generated in the built-in configuration on the xMatters side.
If the url is correct, I would be interested if you get the same error using "https://www.google.com". If you do get the same error that would definitely point to a DNS configuration issue on the box and you'd need to follow up with Splunk support. If you get a different error, it still might be a DNS issue, but might help point us in the right direction.
(full disclosure, I work for xMatters)
Happy Tuesday!
... View more
09-04-2019
08:34 AM
I signed up for a new account a couple of months ago and I didn't have a problem enabling the HEC per the docs above. As noted in my answer the url will be the url of your Splunk hostname prefixed with input- and suffixed by :8088. For example, if your Splunk url is
https://prd-p-cqzf26jjxqbp.cloud.splunk.com
Then, your target url is::
https://input-prd-p-cqzf26jjxqbp.cloud.splunk.com:8088/services/collector/event
... View more
08-13-2019
11:08 AM
Hey Suresh,
Gurav has some details that might help, but if not, we note in the installation docs here that:
If your Splunk is configured in a clustered environment, make sure you deploy the xMatters app at the deployer level, and not in the Search Head Cluster. See the Splunk documentation for more information on using the deployer to distribute apps.
The link goes on to note:
Caution: You must use the deployer, not the deployment server, to distribute apps to cluster members. Use of the deployer eliminates the possibility of conflict with the run-time updates that the cluster replicates automatically by means of the mechanism described in Configuration updates that the cluster replicates.
I'm not too familiar with the exact process, but we've had customers successfully use this method (hence why it's in the docs). If you are still having trouble, post back and let's see if we can sort it out.
Happy Tuesday!
... View more
04-18-2018
04:44 PM
This was way simpler for me. I'm not sure why you'd want to do a subsearch as in the accepted answer. Thanks!
... View more
04-17-2018
11:59 AM
2 Karma
The answers here were not helping me. The expanded examples in the spath doc were helpful, but as an exercise I wanted to work through this. SO came up with this that seems to be what you want:
| makeresults
| eval _raw="{
\"id\":\"123412341234\",
\"actions\": [
{
\"type\":\"a\",
\"status\":\"b\",
\"amount\": 1,
\"time_updated\": \"2013-10-14T11:00\"
},
{
\"type\":\"c\",
\"status\":\"d\",
\"amount\": 1,
\"time_updated\": \"2013-10-14T12:00\"
}
]
}"
| spath
| rename "actions{}.type" AS type
| rename "actions{}.status" AS status
| rename "actions{}.time_updated" AS time_updated
| rename "actions{}.amount" AS amount
| eval zipped=mvzip( time_updated, mvzip( type, mvzip( status, amount ) ))
| mvexpand zipped
| eval zipped=split( zipped, "," )
| eval time_updated=mvindex( zipped, 0 )
| eval type=mvindex( zipped, 1 )
| eval status=mvindex( zipped, 2 )
| eval amount=mvindex( zipped, 3 )
| table time_updated, id, type, status, amount
Cheers.
... View more
08-02-2017
11:05 AM
1 Karma
See here: https://answers.splunk.com/answers/488523/what-is-the-correct-url-to-set-up-http-event-colle.html#answer-556136
If you are getting a connection refused, make sure the HTTP Event Collector is enabled in Global Settings (Data Inputs >> HTTP Event Collector > Global Settings > Enable).
... View more
07-19-2017
09:37 AM
So the secret is the url needs an input prefix.
See here: https://answers.splunk.com/answers/488523/what-is-the-correct-url-to-set-up-http-event-colle.html#answer-556136
... View more
07-18-2017
02:05 PM
3 Karma
So I was able to open a support case through another department in our organization and the support rep pointed me here:
http://docs.splunk.com/Documentation/SplunkCloud/6.5.0/User/AdddatausingHTTPeventcollector#Add_data_using_HTTP_event_collector
So the url format is:
input-prd-p-XXXXX.cloud.splunk.com:8088/services/collector
Note the input prefix and the 8088 port. That worked for me and the support rep did not state anything needed to be enabled.
I hope that helps.
Also, if you are getting a connection refused, make sure the HTTP Event Collector is enabled in Global Settings (Data Inputs >> HTTP Event Collector > Global Settings > Enable).
Edit: Sorry for the spam. I was getting a 500 error and didn't realize the posts were going through!
Double Edit: Added note for Global Settings
... View more
07-13-2017
04:58 PM
Ditto here? I have no support contract so how does one contact support?
... View more
03-17-2017
11:00 AM
Hopefully you got this straightened out, but you can use the Splunkbase app for xMatters, found here: https://splunkbase.splunk.com/app/2901/. You can use the Alert Action webhooks, but the splunkbase app helps manage the integration to xMatters better.
... View more
10-27-2014
11:10 AM
2 Karma
I am getting the same errors while building my app. I found that nuking the local/app.conf file then restarting splunk resolved the errors, but they would pop up again if I ever wanted to update the credentials.
... View more
10-23-2014
05:42 PM
Yep, definitely a case of barking up the wrong tree. The script was throwing an SSL error that I apparently wasn't logging, and it was painfully obvious when i ran that /opt/splunk/bin/splunk cmd python with my script. Once I remedied the SSL error the HTTPS request was fine.
Thank you for the nudge. I had nearly given up hope.
... View more
10-23-2014
02:19 PM
Having a python wrapper script seems to work. This hard codes the path, but demonstrates the functionality.
#!/opt/splunk/bin/python
from subprocess import call
import sys
call( ["/opt/splunk/bin/node", "/opt/splunk/bin/scripts/test.js"] + sys.argv )
... View more
10-23-2014
11:33 AM
Darn, then it is a case of me barking up the wrong tree? I was trying to isolate why my script didn't seem to be working, so I went to the shell to test and I ran into these SSL errors. From what you are saying, when Splunk calls the Alert Script, it will use essentially that /opt/splunk/bin/splunk cmd python command to run my script, Ergo if my alert script works from there Splunk should have no problems calling it... Which is good news
... View more
10-23-2014
11:09 AM
Well, I think that works?
boba@splunk:/opt/splunk/bin$ /opt/splunk/bin/splunk cmd python
Python 2.7.5 (default, Sep 6 2014, 18:26:42)
[GCC 4.0.2] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>>
>>>
>>> import socket
>>> socket.ssl
<function ssl at 0xb74aa1b4>
>>>
>>>
What are the implications of that being successful?
... View more
10-22-2014
01:56 PM
Does anyone else get this error from python packaged with their splunk instance?
... View more
10-20-2014
04:09 PM
I am getting this error as well. I get a big bad error message if I use "USERNAME_HERE" as @ralphmct I believe is referencing. If I use the * I get more and more password fields. I'm up to 7 now and if I go back to the _new and add a new username/password it seems to add another username/password entry. Did you guys find a way out of this?
... View more
10-16-2014
06:01 PM
Hello,
I am writing an Alert Script to fire results of the Alert to an external system via REST API over HTTPS. Since python doesn't seem to be compiled with HTTPS support, I am looking at other options. It looks like there is a Node.js executable in /opt/splunk/bin which I tested:
boba@splunk:/opt/splunk/bin$
boba@splunk:/opt/splunk/bin$ pwd
/opt/splunk/bin
boba@splunk:/opt/splunk/bin$ ./node --version
v0.8.14
boba@splunk:/opt/splunk/bin$ ./node
> var https = require( 'https' )
undefined
>
undefined
> https
{ Server: { [Function: Server] super_: { [Function: Server] super_: [Object] } },
createServer: [Function],
globalAgent:
{ domain: null,
_events: { free: [Function] },
_maxListeners: 10,
options: {},
requests: {},
sockets: {},
maxSockets: 5,
createConnection: [Function: createConnection] },
Agent:
{ [Function: Agent]
super_:
{ [Function: Agent]
super_: [Function: EventEmitter],
defaultMaxSockets: 5 } },
request: [Function],
get: [Function] }
>
However, when I try to call my "/opt/splunk/bin/scripts/test.js" script:
boba@splunk:/opt/splunk/bin/scripts$ cat test.js
!/opt/splunk/bin/node
"use strict"
var https = require( 'https' );
var fs = require( 'fs' );
var LOGFILE = "my.log"
fs.appendFile( LOGFILE, "Parms: " + process.argv + "\n" )
from the Alert, the splunkd.log prints this:
splunkd.log:10-16-2014 17:28:28.304 -0700 ERROR script - command="runshellscript", Cannot find script at /opt/splunk/bin/scripts/test.js
Despite this:
boba@splunk:/opt/splunk/bin/scripts$ file /opt/splunk/bin/scripts/test.js
/opt/splunk/bin/scripts/test.js: a /opt/splunk/bin/node script, ASCII text executable
... View more
10-09-2014
10:22 AM
Hey guys,
I'm trying to get my Alert script to send details of the alert to my server. The server only allows https connections, and it seems the built in python does not support ssl:
boba@splunk:/opt/splunk/bin/scripts$ /opt/splunk/bin/python
Python 2.7.5 (default, Sep 6 2014, 18:26:42)
[GCC 4.0.2] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>>
>>> import socket
>>> socket.ssl
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
AttributeError: 'module' object has no attribute 'ssl'
>>>
>>>
>>> import httplib
>>> httplib.HTTPSConnection
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
AttributeError: 'module' object has no attribute 'HTTPSConnection'
>>>
Ideally, I would like to have no dependencies on the environmental python, and only use Splunk's python. How can I make an HTTPS POST request via /opt/splunk/bin/python?
Thanks!
--- Travis
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
06-05-2020
02:04 AM
|
Karma from
