https://community.splunk.com/t5/Splunk-Cloud-Platform/HTTP-Event-Collector-URL/m-p/538000#M490 <P>Hi,</P><P>I'm using the free cloud trial, and none of the URLs suggested within the <A href="https://docs.splunk.com/Documentation/Splunk/8.1.1/Data/UsetheHTTPEventCollector" target="_self">documentation</A> work.</P><P><FONT face="courier new,courier">[HOST]/services/collector</FONT> throws a 303 error, redirecting to <FONT face="courier new,courier">[HOST]/en-GB/services/collector</FONT> which in turn throws a 404 error.</P><P><FONT face="courier new,courier">input-[HOST], inputs-[HOST], http-inputs-[HOST] do not resolve.</FONT></P><P><FONT face="courier new,courier">inputs.[HOST]</FONT> resolves, but throws an SSL error as the wildcard cert attached to it does not cover the extra tier in the FQDN.<BR /><BR /><FONT face="courier new,courier">[HOST]:8088</FONT> resolves, but throws an SSL error as the cert attached to it does not match the FQDN (<SPAN class="info">SplunkServerDefaultCert</SPAN>).<BR /><BR />Any idea what I should be using?<BR /><BR />TIA,<BR />Martin...</P><P>&nbsp;</P> Sun, 31 Jan 2021 12:23:30 GMT hnfd73hd8sjhDD 2021-01-31T12:23:30Z https://community.splunk.com/t5/Splunk-Cloud-Platform/HTTP-Event-Collector-URL/m-p/538000#M490 <P>Hi,</P><P>I'm using the free cloud trial, and none of the URLs suggested within the <A href="https://docs.splunk.com/Documentation/Splunk/8.1.1/Data/UsetheHTTPEventCollector" target="_self">documentation</A> work.</P><P><FONT face="courier new,courier">[HOST]/services/collector</FONT> throws a 303 error, redirecting to <FONT face="courier new,courier">[HOST]/en-GB/services/collector</FONT> which in turn throws a 404 error.</P><P><FONT face="courier new,courier">input-[HOST], inputs-[HOST], http-inputs-[HOST] do not resolve.</FONT></P><P><FONT face="courier new,courier">inputs.[HOST]</FONT> resolves, but throws an SSL error as the wildcard cert attached to it does not cover the extra tier in the FQDN.<BR /><BR /><FONT face="courier new,courier">[HOST]:8088</FONT> resolves, but throws an SSL error as the cert attached to it does not match the FQDN (<SPAN class="info">SplunkServerDefaultCert</SPAN>).<BR /><BR />Any idea what I should be using?<BR /><BR />TIA,<BR />Martin...</P><P>&nbsp;</P> Sun, 31 Jan 2021 12:23:30 GMT https://community.splunk.com/t5/Splunk-Cloud-Platform/HTTP-Event-Collector-URL/m-p/538000#M490 hnfd73hd8sjhDD 2021-01-31T12:23:30Z https://community.splunk.com/t5/Splunk-Cloud-Platform/HTTP-Event-Collector-URL/m-p/538210#M491 <P>Hi&nbsp;<a href="https://community.splunk.com/t5/user/viewprofilepage/user-id/231053">@hnfd73hd8sjhDD</a>,</P><P>According to documentation our should use below URL; (you should replace stackname with yours)</P><LI-CODE lang="markup">https://stackname.splunkcloud.com:8088/services/collector/event</LI-CODE><P>&nbsp;</P> Tue, 02 Feb 2021 04:52:57 GMT https://community.splunk.com/t5/Splunk-Cloud-Platform/HTTP-Event-Collector-URL/m-p/538210#M491 scelikok 2021-02-02T04:52:57Z https://community.splunk.com/t5/Splunk-Cloud-Platform/HTTP-Event-Collector-URL/m-p/538225#M492 <P>Hi,</P><P>Thanks for the reply!</P><P>As noted: using that URI throws an SSL error as the certificate doesn't match (the cert returned is a default one, not the one for the stack).</P><P>Any other suggestions?</P><P>Martin...</P><P>&nbsp;</P> Tue, 02 Feb 2021 07:46:11 GMT https://community.splunk.com/t5/Splunk-Cloud-Platform/HTTP-Event-Collector-URL/m-p/538225#M492 hnfd73hd8sjhDD 2021-02-02T07:46:11Z https://community.splunk.com/t5/Splunk-Cloud-Platform/HTTP-Event-Collector-URL/m-p/538230#M493 <P>Hi&nbsp;<a href="https://community.splunk.com/t5/user/viewprofilepage/user-id/231053">@hnfd73hd8sjhDD</a>,</P><P>I believe Splunk Free Cloud Trail uses self sign certificate. That is why you may need to disable certificate check on your tests.</P> Tue, 02 Feb 2021 07:55:44 GMT https://community.splunk.com/t5/Splunk-Cloud-Platform/HTTP-Event-Collector-URL/m-p/538230#M493 scelikok 2021-02-02T07:55:44Z https://community.splunk.com/t5/Splunk-Cloud-Platform/HTTP-Event-Collector-URL/m-p/538263#M494 <P>Thanks for your reply.</P><P>Is that a definite (have you tried it yourself?)</P><P>The problem is that the library I'm using doesn't have the ability to disable SSL validation (it's an intentional choice: if it isn't there as an option, someone can't accidentally make a mistake and push it to a live environment).</P><P>If that is the case, then the documentation definitely needs cleaning up, and a note added to this effect (apart from there being contradicting examples in ther same document about which URI to use). <span class="lia-unicode-emoji" title=":winking_face:">😉</span></P><P>Martin...</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P> Tue, 02 Feb 2021 11:13:02 GMT https://community.splunk.com/t5/Splunk-Cloud-Platform/HTTP-Event-Collector-URL/m-p/538263#M494 hnfd73hd8sjhDD 2021-02-02T11:13:02Z https://community.splunk.com/t5/Splunk-Cloud-Platform/HTTP-Event-Collector-URL/m-p/538271#M495 <P>As far as I know it is self signed for free trial. But this is not a new info.</P><P>You can confirm with Splunk support.</P> Tue, 02 Feb 2021 12:17:40 GMT https://community.splunk.com/t5/Splunk-Cloud-Platform/HTTP-Event-Collector-URL/m-p/538271#M495 scelikok 2021-02-02T12:17:40Z https://community.splunk.com/t5/Splunk-Cloud-Platform/HTTP-Event-Collector-URL/m-p/538272#M496 <P>I've just tried using curl (with verification off) and it works ok (event ends up in the right place).</P><P>(thanks for your help).</P><P>Seems like a potential bin-fire in the waiting for anyone evaluating Splunk though. Someone now has to remember to re-enable TLS validation if they move from free to cloud/enterprise, otherwise their sensitive log data is accessible by anyone along the network path who wants to MITM the connection.</P><P>Martin...</P> Tue, 02 Feb 2021 12:20:18 GMT https://community.splunk.com/t5/Splunk-Cloud-Platform/HTTP-Event-Collector-URL/m-p/538272#M496 hnfd73hd8sjhDD 2021-02-02T12:20:18Z