Method Not Allowed

ShayR3 · ‎07-26-2018

Hi
Can you please help me , i got this message :
I have configured :
SPLUNK_HEC_URL = https://verifone.splunkcloud.com:8089/services/collector/
SPLUNK_HEC_TOKEN = FF8E4A4E-D81D-4034-A7C0-0C436F9A7415
This is the wrong message:
{
"errorMessage": "error: statusCode=401\n\n\n\n \n call not properly authenticated\n \n\n",
"errorType": "Error",
"stackTrace": [
"",
"<?xml version=\"1.0\" encoding=\"UTF-8\"?>",
"",
" ",
" call not properly authenticated",
" ",
"",
"",
"IncomingMessage.res.on (/var/task/lib/mysplunklogger.js:77:25)",
"emitOne (events.js:96:13)",
"IncomingMessage.emit (events.js:188:7)",
"readableAddChunk (_stream_readable.js:176:18)",
"IncomingMessage.Readable.push (_stream_readable.js:134:10)",
"HTTPParser.parserOnBody (_http_common.js:123:22)",
"TLSSocket.socketOnData (_http_client.js:362:20)",
"emitOne (events.js:96:13)",
"TLSSocket.emit (events.js:188:7)",
"readableAddChunk (_stream_readable.js:176:18)"
]
}

ytenenbaum_splu · ‎07-26-2018

There are two issues here:
1. Your HEC URL is wrong. For splunk cloud managed instance iy should look like this: https://http-inputs-verifone.splunkcloud.com/services/collector/
2. I tried sending a test event (since you were kind enough to share your token) but I get an error:
curl -k https://http-inputs-verifone.splunkcloud.com/services/collector -H "Authorization: Splunk FF8E4A4E-D81D-4034-A7C0-0C436F9A7415" -d '{"event": "Test"}'
{"text":"Data channel is missing","code":10}
This error message is telling me you have enabled indexer acknowledgment on the token. This will not work.
So you need to create a new token without indexer acknowledgment and then test the curl command again with the correct url.

ShayR3 · ‎07-26-2018

I have created a new HEC token : B9C3AD8B-CC0C-4931-86CE-BB39D698F397
and i tried the following command:
curl -k https://verifone.splunkcloud.com:8089/en-US/services/collector/ -H "Authorization: Splunk B9C3AD8B-CC0C-4931-86CE-BB39D698F397" -d '{"event": "hello world"}'

and i got the next error :

Method Not Allowed

Specified method is not allowed on this resource.

ytenenbaum_splu · ‎07-26-2018

Your URL is wrong again. You need to insert http-inputs- before verifone.splunkcloud.com and remove the port completely.

This works for me:

curl -k https://http-inputs-verifone.splunkcloud.com/services/collector -H "Authorization: Splunk B9C3AD8B-CC0C-4931-86CE-BB39D698F397" -d '{"event": "Test"}'

ShayR3 · ‎07-26-2018

You are great , you are right it's working
You helped me a lot
Many thanks 🙂

ShayR3 · ‎07-26-2018

curl -k https://http-inputs-verifone.splunkcloud.com/un-US/services/collector/ -H "Authorization: Splunk B9C3AD8B-CC0C-4931-86CE-BB39D698F397" -d '{"event": "hello world"}'

i got this :

{"text":"The requested URL was not found on this server.","code":404}

ShayR3 · ‎07-26-2018

You are great , you are right it's working
You helped me a lot
Many thanks 🙂

ShayR3 · ‎07-26-2018

curl -k https://verifone.splunkcloud.com:8089/services/collector/ -H "Authorization: Splunk B9C3AD8B-CC0C-4931-86CE-BB39D698F397" -d '{"event": "hello world"}'

This is too brings me

<msg type="WARN">call not properly authenticated</msg>

CloudWatch to splunk

Method Not Allowed

Developer Spotlight with Paul Stout

State of Splunk Careers 2024: Maximizing Career Outcomes and the Continued Value of ...

Data-Driven Success: Splunk & Financial Services