Splunk MINT SDK for Android: Why is sending events to an HTTP Event Collector resulting in errors?

Engager

Hi,

We are trying to use the Splunk Mint SDK for Android to send events to an HTTP Event Collector; however, we are getting 400 responses. When we inspect the data being sent we are seeing something like '{^1event^:timestamp}' being added between log events. This is causing HTTP 400 responses when we try to send. This string appears to be hardcoded in the Properties.getSeparator function--what is the purpose of this? I feel like I must be doing something wrong but we are following the quickstart and literally just doing something like Mint.logEvent("Button1 pressed");

Splunk Employee

There's <protocol>://:/services/collector/event for generic events you want to send to HEC,
and there's a special <protocol>://:/services/collector/mint for MINT events.

The /mint endpoint specifically processes the "{^1event^:timestamp}" object after every event and indexes based on sourcetype/timestamp.

You may be getting 400 errors because you are using /event and not /mint, or you could have the wrong HEC token.

Please review Data Collection Docs and info on HEC token.
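
A pre-flight check for the endpoint mismatch described in the answer above, added here as an example (it is not code from the thread, the MINT SDK or Splunk). It treats a body for /services/collector/event as one or more concatenated JSON objects that each carry an "event" key; the function name, the separator pattern (modeled on the string quoted in the question) and the sample payloads are assumptions constructed for illustration.

```python
import json
import re

# Assumed shape of the MINT separator, modeled on the "{^1event^:timestamp}"
# string quoted in the question; the exact wire format is not given on the page.
MINT_SEPARATOR = re.compile(r"\{\^1[^{}]*\}")


def check_event_payload(body):
    """Return (ok, problems) for a body destined for /services/collector/event."""
    problems = []
    decoder = json.JSONDecoder()
    pos, count = 0, 0
    while pos < len(body):
        if body[pos].isspace():
            pos += 1
            continue
        sep = MINT_SEPARATOR.match(body, pos)
        if sep:
            # Not JSON: /event cannot parse it, while /mint expects it.
            problems.append(
                f"offset {pos}: MINT separator {sep.group(0)!r}; "
                "this body belongs on /services/collector/mint"
            )
            pos = sep.end()
            continue
        try:
            obj, end = decoder.raw_decode(body, pos)
        except json.JSONDecodeError as exc:
            problems.append(f"offset {pos}: not valid JSON ({exc.msg})")
            break
        if not isinstance(obj, dict) or "event" not in obj:
            problems.append(f"offset {pos}: JSON value has no 'event' key")
        count += 1
        pos = end
    if count == 0 and not problems:
        problems.append("empty body")
    return (not problems, problems)


# Constructed sample bodies (not captured traffic).
GENERIC = '{"event": "Button1 pressed"}\n{"event": "Button2 pressed"}'
MINT_LIKE = ('{"msg": "Button1 pressed"}{^1event^:1700000000}'
             '{"msg": "Button2 pressed"}{^1event^:1700000005}')

if __name__ == "__main__":
    for name, body in (("generic", GENERIC), ("mint-like", MINT_LIKE)):
        ok, problems = check_event_payload(body)
        print(name, "OK" if ok else "REJECT", *problems, sep="\n  ")
```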

Engager

Yeah, thanks, I figured that out after I posted the question but was waiting for the moderation period to update this 🙂 Thanks!