Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Dashboards & Visualizations
×
Join the Conversation
Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
- Find Answers
- :
- Using Splunk
- :
- Dashboards & Visualizations
- :
- HTTP Event Collector: How to resolve a "401 Unauth...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
HTTP Event Collector: How to resolve a "401 Unauthorized from Splunk" error when trying to pass token in query string?
PepePelotas
New Member
01-28-2017
08:35 AM
I have enabled allowQueryStringAuth as mentioned in http://dev.splunk.com/view/event-collector/SP-CAAAE8Y#tokenasquery and want to pass my token in the POST request like hxxp://192.168.2.1:8088/services/collector?token= however, i still get a 401 Unauthorized from Splunk.
A splunk btool check --debug gives me:
tmachielsen@TonsMacBookPro:~% /Applications/Splunk/bin/splunk btool check --debug
Checking: /Applications/Splunk/etc/users/admin/search/local/ui-prefs.conf
Checking: /Applications/Splunk/etc/users/admin/search/local/ui-tour.conf
Checking: /Applications/Splunk/etc/users/admin/splunk_monitoring_console/local/ui-prefs.conf
Checking: /Applications/Splunk/etc/users/admin/user-prefs/local/user-prefs.conf
Checking: /Applications/Splunk/etc/apps/learned/local/props.conf
Checking: /Applications/Splunk/etc/apps/search/local/indexes.conf
Checking: /Applications/Splunk/etc/apps/search/local/inputs.conf
Checking: /Applications/Splunk/etc/apps/splunk_httpinput/local/inputs.conf
Invalid key in stanza [http://Speedway Connect] in /Applications/Splunk/etc/apps/splunk_httpinput/local/inputs.conf, line 11: sourcetypeSelection (value: From List).
Did you mean 'sourcetype'?
Did you mean 'source'?
Did you mean 'sourcetype'?
Invalid key in stanza [http://Speedway Connect] in /Applications/Splunk/etc/apps/splunk_httpinput/local/inputs.conf, line 12: allowQueryStringAuth (value: true).
Checking: /Applications/Splunk/etc/apps/splunk_instrumentation/local/telemetry.conf
Checking: /Applications/Splunk/etc/apps/user-prefs/local/user-prefs.conf
Checking: /Applications/Splunk/etc/apps/SplunkForwarder/default/app.conf
Any idea what i do wrong?
Splunk Light 6.5.2 on OSX.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
jtacy
Builder
01-31-2017
09:16 AM
This appears to be a Splunk Cloud feature. It's listed on the Splunk Cloud inputs.conf docs at http://docs.splunk.com/Documentation/Splunk/6.5.1612/Admin/Inputsconf but not the Splunk Enterprise inputs.conf docs at http://docs.splunk.com/Documentation/Splunk/6.5.2/Admin/Inputsconf . Also see http://dev.splunk.com/view/event-collector/SP-CAAAE8Y#tokenasquery which explains that this currently offered in Splunk Cloud and Splunk Light Cloud.
Got questions? Get answers!
Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!
Meet up IRL or virtually!
Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.
Get Updates on the Splunk Community!
May 2026 Splunk Expert Sessions: Security & Observability
Level Up Your Operations: May 2026 Splunk Expert Sessions
Whether you are refining your security posture or ...
Network to App: Observability Unlocked [May & June Series]
In today’s digital landscape, your environment is no longer confined to the data center. It spans complex ...
SPL2 Deep Dives, AppDynamics Integrations, SAML Made Simple and Much More on Splunk ...
Splunk Lantern is Splunk’s customer success center that provides practical guidance from Splunk experts on key ...
