Would like to create an HEC token based on an API call.
Whenever a new instance (EC2) is coming up, it would make a call to Splunk Enterprise using the API gateway. Splunk Enterprise may need to create an HEC token and send a response back to the EC2 instance.
Later, the HEC token created will be mapped to an index and other conf files would be changed.
"Is there a way to create an HEC token on an API call?"
Post the creation of the HEC token, is there a way to find the same?
Yes, you can create an HEC token using the Splunk REST API. Have a look at this documentation: https://docs.splunk.com/Documentation/Splunk/7.2.5/RESTREF/RESTinput#data.2Finputs.2Fhttp
I have created a sample token in my lab and it is working fine; below is the command I used. You can create a Python script to achieve this, and when you fire the REST API call below it will return a response containing the token value.
curl -k -u admin:pass https://localhost:8089/servicesNS/nobody/search/data/inputs/http -d name=test -d index=main -d indexes=main,summary
Thanks for the help.
Yes, using the curl command, I have created the HEC token, but my requirement here is:
1) Creating the HEC token using a dummy index should trigger a script, which should in turn create the index.conf and push it to the deployment server, and then call back the REST API to update the index details in input.conf for the respective HEC token.
The challenge is to invoke a script on creation of the HEC token.
It is possible to call a script to create an index.conf file on completion of the above-said REST API call.
Would like to create the HEC token using a dummy index, then a script to create index.conf to deploy across the index cluster. Post index.conf deployment, a script to call input.conf to update the index name.
You can create a Python script with the Splunk Python SDK to create the HEC token, and then when you get a 200 response from Splunk, invoke your other script.
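The flow suggested in the replies above (create the token over REST, read the token value from the response, then invoke the next script), as an added example that is not code from the thread. It uses the Python standard library against the endpoint from the curl command rather than the Splunk Python SDK, verifies TLS instead of using -k, and assumes the JSON response shape shown in the constructed sample; the follow-up command is hypothetical.

```python
import base64
import json
import ssl
import subprocess
import urllib.parse
import urllib.request

# Endpoint path taken from the curl command in the thread.
HEC_PATH = "/servicesNS/nobody/search/data/inputs/http"

# Constructed sample of an output_mode=json response; the token is made up.
SAMPLE_RESPONSE = json.dumps({"entry": [{"name": "http://test", "content": {
    "token": "00000000-0000-0000-0000-000000000000",
    "index": "main", "indexes": ["main", "summary"]}}]})


def build_request(base_url, user, password, name, index, indexes):
    """Build the POST that creates the HEC input; nothing is sent yet."""
    body = urllib.parse.urlencode({
        "name": name, "index": index,
        "indexes": ",".join(indexes), "output_mode": "json"}).encode()
    cred = base64.b64encode(f"{user}:{password}".encode()).decode()
    return urllib.request.Request(
        base_url.rstrip("/") + HEC_PATH, data=body, method="POST",
        headers={"Authorization": "Basic " + cred})


def parse_token(response_text):
    """Return (input name, token value) from the JSON response body."""
    entries = json.loads(response_text).get("entry") or []
    if not entries or "token" not in entries[0].get("content", {}):
        raise ValueError("response carries no HEC token")
    return entries[0]["name"], entries[0]["content"]["token"]


def create_token_then_run(req, ca_file, followup_cmd):
    """Send the request with TLS verification, then run the follow-up script.

    followup_cmd is a hypothetical argv list, e.g. ["./build_index_conf.sh"].
    Only the input name is passed on, so the token stays out of process lists.
    """
    ctx = ssl.create_default_context(cafile=ca_file)  # instead of curl -k
    with urllib.request.urlopen(req, context=ctx, timeout=30) as resp:
        # urlopen raises HTTPError on 4xx/5xx, so reaching here means success.
        name, token = parse_token(resp.read().decode())
    subprocess.run(followup_cmd + [name], check=True)
    return token
```

Read the credentials from the environment or a secrets store rather than hard-coding them, and return the token to the EC2 caller only over the authenticated channel it called in on.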
Appreciate your help so far.
My requirement is:
1) For an API call from the EC2 instance, create an HEC token and send a response back.
2) On creating the HEC token, further do a subsequent call to create index.conf, auth.conf and deploy it to the cluster.
So far I have achieved step 1: the HEC token got created and was sent back in response to the API call.
Now, I would like to know how I can do a subsequent call (post the REST API call to create the HEC token) to create index.conf.
Can you see if this helps?
- curl command to get token
- build conf files and then move them in a git repo
- have a scheduled sync job to sync all conf files between the git repo and the deployment server
You might be able to solve this as below:
- Use curl to get the token
- build the conf file -> upload it to a git repo/S3, and then a scheduled job syncs these conf files to the Splunk deployment server.