Splunk Search

Cannot perform action "POST" without a target name Python

haraksin
Path Finder

Hello all,

I am running python 3.4.9 on CentOS 7. The issue I am having is with the following python script:

from yaml import load
from requests import session
from pprint import pprint
from json import dumps

with open('creds.yml', 'r') as cred:
        credsdict = load(cred.read())

s = session()
s.auth = (credsdict['username'], credsdict['password'])
hecdict = {
        'name':'test-hec-1',
        'index':'test_index_one',
        'description':'my test hec',
        'sourcetype':'test_hec',
        'source':'hectest'
}
hectest = s.post("https://splunk-url.com:8089/services/data/inputs/http?output_mode=json", json=hecdict, verify=False)

I keep getting the return payload:

{"messages": [{"text": "Cannot perform action "POST" without a target name to act on.","type": "ERROR"}]}

This makes me think that Splunk cannot handle python's request library posts. Is this a known bug?

Tags (1)
0 Karma

starcher
SplunkTrust
SplunkTrust

That is the wrong endpoint to submit events to. You want the event endpoint. Though you would have an easier time using an already written HEC python class.

https://github.com/georgestarcher/Splunk-Class-httpevent

0 Karma

haraksin
Path Finder

Thanks for your response. I'm not trying to submit an event, as you can see there is no event field in the dictionary nor is there any existing HEC token that I'm passing through the headers. I'm trying to CREATE an HEC token, although this is probably my fault, as I should've put it in the description of the issue. My fault.

Also I took a look at the github repo you linked and the documentation appears to be lacking, so for now I'm going to be using my own scripts. But thanks for the heads up!

0 Karma

haraksin
Path Finder

And yes, I have removed everything except the "name" argument in the hecdict and I have tried removing the "?output_mode=json" from the request and it still doesn't work.

0 Karma

haraksin
Path Finder

And I can use a curl command with all of the inputs i have in the hecdict

0 Karma
Get Updates on the Splunk Community!

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...

Let’s Get You Certified – Vegas-Style at .conf24

Are you ready to level up your Splunk game? Then, let’s get you certified live at .conf24 – our annual user ...