Hi All,

I am trying to post some data to splunk via QT's Network Module. Currently, I have the HEC setup to where it can receive cURL's:

curl -k -H "Authorization: Splunk XXXXXXXXXXXXXXXXXXXXX" https://splunkserver:8088/services/collector/event -d '{"sourcetype": "mysourcetype", "event": "http auth ftw!"}',

but I get no reply for the server when trying this code (even though the traffic is confirmed via Wireshark to be making it to the Splunk server). The server is set up to receive jsonnotimestamp data. Here is the function being called with the same input url as the above cURL command:

void Net::ConnectToSplunk(QString url)
{
QUrl qrl(url);//QUrl has network adress
manager = new QNetworkAccessManager(this);//create manager
connect(manager, SIGNAL(finished(QNetworkReply*)),
this, SLOT(replyFinished(QNetworkReply*)));

//Set up request url
QNetworkRequest request;
request.setUrl(url);
QString headerData = "Splunk XXXXXXXXXXXXXXXXXXXXXXXXXX";
request.setRawHeader("Authorization:", headerData.toLocal8Bit());

//Set up payload
map.insert("event", "auth1234");
map.insert("sourcetype", "mysourcetype");
QByteArray payload=QJsonDocument::fromVariant(map).toJson();
qDebug() << QVariant(payload).toString();
qDebug() << request.rawHeaderList();

QNetworkReply *reply = manager->post(request,payload);
qDebug() << reply->readAll();
qDebug() << "Headers:"<< reply->rawHeaderList()<< "content:" << reply->readAll();

if ( reply->error() != QNetworkReply::NoError ) {
qWarning() <<"ErrorNo: "<< reply->error() << "for url: " << reply->url().toString();
qDebug() << "Request failed, " << reply->errorString();
qDebug() << "Headers:"<< reply->rawHeaderList()<< "content:" << reply->readAll();
}
}

I get the following debug output (No response at all from Splunk):
"{\n \"event\": \"auth1234\",\n \"sourcetype\": \"mysourcetype\"\n}\n"
("Authorization:")
""
Headers: () content: ""

I even set up a json server on the same server as the Splunk server and it is receiving the post request just fine. Any ideas?

Thanks.