I have an authentication token which I have found success using curls and the REST API.
I'm trying to drop limited log events from a Java application in AWS.
All of the documentation that I can find discusses using username and password with the Java SDK client.
But I only have HEC token and endpoint.
It's working perfectly fine on my test Splunk.
service = new Service("HOST",Port);
String credentials = "Username:Password";
String basicAuthHeader = Base64.encode(credentials.getBytes());
service.setToken("Basic " + basicAuthHeader);
But i don't have username and password for production Splunk, have only HEC endpoint and token.
So when I am trying to do
service = new Service("HOST",Port);
service.setToken("MY HEC TOKEN");
I am getting UnAuthorized Exception
Is there any way to use Java SDK w/o username and password.
Set the Authentication header to "Splunk <token>". You'll also need to make sure to use the HEC URI and port.
Thanks @richgalloway
When I am trying that below exception is coming
Exception in thread "main" com.splunk.HttpException: HTTP 404 -- {"text":"The requested URL was not found on this server.","code":404}
at com.splunk.HttpException.create(HttpException.java:84)
at com.splunk.HttpService.send(HttpService.java:500)
at com.splunk.Service.send(Service.java:1295)
My Code
service = new Service("XX.XX.XX.XX",8088);
service.setToken("Splunk #TOKEN");
Below Curl is working fine for me.
curl -k https://XX.XX.XX.XX:8088/services/collector -H "Authorization: Splunk #TOKEN" -d '{"event": "hello world"}'
Should I use XX.XX.XX.XX/services/collector as HEC URI. Can you also confirm whether I am using the right URI or not.
I am running Splunk Enterprise on ec2 with Public IP XX.XX.XX.XX:443. and I am using XX.XX.XX.XX:8088 as HEC URI and Port.
Can you please help with this as well.
Thanks Again.
I'm not sure what service your code uses, but this seems not right
service.setToken("Splunk #TOKEN");
The code should set an HTTP header called "Authentication" with the value "Splunk " followed by the HEC token. It should be the Java equivalent to the curl option -H "Authorization: Splunk #TOKEN"
If the URL works for curl then it should work for Java as well.