Getting Data In

Add data programmatically using REST API

splunkreal
Motivator

Hello guys,

do you have example of script or curl commands using REST API to add data?

There is https://docs.splunk.com/Documentation/Splunk/9.0.4/RESTREF/RESTinput#data.2Finputs.2Fmonitor but how to specify serverclass?

Thanks for your help.

 

* If this helps, please upvote or accept solution if it solved *
Labels (4)
0 Karma

GaetanVP
Contributor

Hello @splunkreal,

Yes, first you need (as far as I know) to enable the HTTP Event Collector on your receiver (let's suppose it's a standalone Splunk Server).

You need to navigate (from the GUI) to settings/data inputs/HTTP Event Collector and click on Global Settings. From there you can enable all Tokens, eventually disable SSL and save. Finally create a New Token from the same page.

Then from another machine (or here in my test in localhost) you can run this curl command :

curl -k -X POST -H "Authorization: Splunk <hec_token_created>" -d '{"event": "Hello World!", "index": "<your_index>"}' http://<splunk_receiver>:8088/services/collector/event

Then you should be able to search this event you just sent.

Hope it helps !

GaetanVP

0 Karma

splunkreal
Motivator

Hello Gaetan,

thanks for HEC solution however how do you add data the same way you add monitor stanza using app's inputs.conf on deployment server and attach it to particular serverclass using REST API?

Best regards.

 

* If this helps, please upvote or accept solution if it solved *
0 Karma
Get Updates on the Splunk Community!

Aligning Observability Costs with Business Value: Practical Strategies

 Join us for an engaging Tech Talk on Aligning Observability Costs with Business Value: Practical ...

Mastering Data Pipelines: Unlocking Value with Splunk

 In today's AI-driven world, organizations must balance the challenges of managing the explosion of data with ...

Splunk Up Your Game: Why It's Time to Embrace Python 3.9+ and OpenSSL 3.0

Did you know that for Splunk Enterprise 9.4, Python 3.9 is the default interpreter? This shift is not just a ...