topic Re: HTTP Event Collector: Is there a working example with cURL on Windows? in Getting Data In

HTTP Event Collector: Is there a working example with cURL on Windows?

fdarrigo — Wed, 24 Feb 2016 15:46:40 GMT

I've started experimenting with the HTTP event collector recently, and I like what I have seen so far.
There are a few great articles online describing the HTTP architecture with simple examples of using cURL to POST data to an HTTP event collector. However, there are nuances using cURL on Windows and posting multiple values in an event, which are best explained via working code.

The following example posts two events: "Breakfast Order" (simple event) and an event with three breakfast items (more complex event) to a Splunk indexer via the HTTP collector.

curl -k https://10.19.16.101:8088/services/collector/event -H "Authorization: Splunk 982D05B0-8603-4311-A1AF-32462BA47C9F" -d "{\"event\":\"Breakfast Order\"} {\"event\":{\"coffee\":\"double cream double sugar\",\"muffin\":\"blueberry\",\"juice\":\"none\"}}"
{"text":"Success","code":0}

Windows errors when you use the single quotes ' so, change them to double quotes " and escape the other double quotes \"

Thanks goes to:
Glenn Block for this article http://blogs.splunk.com/2015/10/06/http-event-collector-your-direct-event-pipe-to-splunk-6-3/
And whomever wrote this article: http://dev.splunk.com/view/event-collector/SP-CAAAE7F

Re: HTTP Event Collector: Is there a working example with cURL on Windows?

gblock_splunk — Wed, 24 Feb 2016 16:47:48 GMT

Glad you like it and thanks for sharing!

Re: HTTP Event Collector: Is there a working example with cURL on Windows?

ppablo — Thu, 25 Feb 2016 00:40:48 GMT

Thanks for sharing @fdarrigo 🙂 Would you actually be able to post your formal answer in the "Enter your answer here..." box below and Accept it? Otherwise, this helpful post will float in limbo as unresolved on Answers. Thanks, and I'll upvote the answer once it's posted. Cheers!

Patrick

Re: HTTP Event Collector: Is there a working example with cURL on Windows?

fdarrigo — Thu, 25 Feb 2016 14:14:38 GMT

For a more complete understanding of the http-event-collector, check out the links I referenced above.

Re: HTTP Event Collector: Is there a working example with cURL on Windows?

Damien_Dallimor — Sun, 28 Feb 2016 10:55:28 GMT

This post may interest you also as a potential alternative to Curl on Windows.

https://answers.splunk.com/answers/373010/powershell-sample-for-http-event-collector.html

Re: HTTP Event Collector: Is there a working example with cURL on Windows?

Graham_Hanningt — Fri, 06 May 2016 03:03:58 GMT

I use cURL on Windows for ad hoc EC ingestion. To avoid escaping quotes, I save my JSON to a file, and refer to that file in the curl -d option by prefixing the path with an at sign (@). For example:

-d @ec_input.json

For details, see the curl man page.

I also use a variety of homegrown PowerShell scripts (.ps1), batch files (.bat) - some of which are simply wrappers for curl - and Java programs to send JSON to EC. For example, I use Java to massage JSON lines-formatted event data with an ISO 8601-formatted time stamp field into EC "packets" with a Unix Epoch time metadata field.

Re: HTTP Event Collector: Is there a working example with cURL on Windows?

Arpit_S — Fri, 30 Aug 2019 10:22:26 GMT

Hi @fdarrigo,

I was able to send test events using the below command few days back.

irm -Method Post -Uri "https://URL.com/services/collector/event" -Headers @{Authorization = "Splunk "} -Body '{"event": "test1 "}'

But when I tried sending a test event today it gave me an error.

irm : The underlying connection was closed: An unexpected error occurred on a send.
At line:1 char:1
+ irm -Method Post -Uri "https://URL.com/ ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (System.Net.HttpWebRequest:HttpWebRequest) [Invoke-RestMethod], WebE
eption
+ FullyQualifiedErrorId : WebCmdletWebResponseException,Microsoft.PowerShell.Commands.InvokeRestMethodCommand

Any idea what could be causing this?

Thanks.

Re: HTTP Event Collector: Is there a working example with cURL on Windows?

efavreau — Thu, 10 Oct 2019 20:04:14 GMT

This question is a few year old, but here's the latest answer in case someone else needs it...

If your Windows 10 build is 17063 or later, you have curl.exe built into Windows. Source: https://techcommunity.microsoft.com/t5/Containers/Tar-and-Curl-Come-to-Windows/ba-p/382409

How to check your build? Press the Windows key and the r key at the same time, sometimes noted as WIN+R, to open the Run dialog box. Type winver in the run box and press enter.

How to use curl on Windows? Call curl.exe and use parameters Just like curl on Linux or Mac. So your line #1 becomes:

curl.exe -k https://10.19.16.101:8088/services/collector/event -H "Authorization: Splunk 982D05B0-8603-4311-A1AF-32462BA47C9F" -d "{\"event\":\"Breakfast Order\"} {\"event\":{\"coffee\":\"double cream double sugar\",\"muffin\":\"blueberry\",\"juice\":\"none\"}}"