Dashboards & Visualizations

HEC {"text":"Token is required","code":2}

jadengoho
Builder

I have an HEC in my localhost apparently I cant send a message to it using this command

curl -k https://localhost:8088/services/collector/event -H 'Authorization: Splunk be6e9136-cf55-4ace-9770-51626303d2e2' -d"{\"event\": \"hello $HOSTNAME\"}"

curl -k -u "x:be6e9136-cf55-4ace-9770-51626303d2e2" https://localhost:8088/services/collector -d '{"sourcetype": "trialHEC", "event":"Hello, World!"}'

they come back with :
{"text":"Token is required","code":2}
curl: (6) Could not resolve host: be6e9136-cf55-4ace-9770-51626303d2e2

I am running the latest Splunk, just want to know why I cant sent a successful command?

Tags (1)
0 Karma
1 Solution

jadengoho
Builder

I finally solve it ,
There are difference between Windows and Linux syntax

i do solve this by
changing single quote (') with double quotes("" ) and escaping the inner double quotes("") into (\"")

windows :
curl -k https://localhost:8088/services/collector -H "Authorization:Splunk be6e9136-cf55-4ace-9770-51626303d2e2" -d "{\"sourcetype\":\"trialHEC\", \"event\":\"Hello,World!\"}"

Nix*:

curl -k https://localhost:8088/services/collector -H 'Authorization':'Splunk be6e9136-cf55-4ace-9770-51626303d2e2' -d '{"sourcetype":"trialHEC", "event":"Hello,World!"}'

View solution in original post

jadengoho
Builder

I finally solve it ,
There are difference between Windows and Linux syntax

i do solve this by
changing single quote (') with double quotes("" ) and escaping the inner double quotes("") into (\"")

windows :
curl -k https://localhost:8088/services/collector -H "Authorization:Splunk be6e9136-cf55-4ace-9770-51626303d2e2" -d "{\"sourcetype\":\"trialHEC\", \"event\":\"Hello,World!\"}"

Nix*:

curl -k https://localhost:8088/services/collector -H 'Authorization':'Splunk be6e9136-cf55-4ace-9770-51626303d2e2' -d '{"sourcetype":"trialHEC", "event":"Hello,World!"}'

niketn
Legend

@jadengoho, glad you figured it out. The same has been called out in Splunk Docs and Splunk Dev

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"
0 Karma

jadengoho
Builder

yes but i don't see it on first , HAHAHAHAH

0 Karma
Get Updates on the Splunk Community!

See just what you’ve been missing | Observability tracks at Splunk University

Looking to sharpen your observability skills so you can better understand how to collect and analyze data from ...

Weezer at .conf25? Say it ain’t so!

Hello Splunkers, The countdown to .conf25 is on-and we've just turned up the volume! We're thrilled to ...

How SC4S Makes Suricata Logs Ingestion Simple

Network security monitoring has become increasingly critical for organizations of all sizes. Splunk has ...