Can an application auto-create an HTTP event collector? Upon setup, perhaps?
I noticed that they are listed in their own app's input.conf (splunk__httpinput).
I suppose I would need a setup script, and have that script use the CLI and/or cURL and set up the collector.
Is there an example of such a script? Preferably, one that checks for the Splunk version and does not attempt it if not 6.3.x.
Thanks!
@ramabu you can use our CLI to do this or curl.
For the CLI see here. Using this command: splunk http-event-collector enable -uri
will work. Using the CLI you can also manage tokens, or even send events.
You can also use curl against our data/inputs/http endpoint, sending disabled=0:
curl -u admin:pass https://localhost:8089/servicesNS/nobody/search/data/inputs/http -d disabled=0
It can be done via API calls using curl or other HTTP tools. I'll give you the steps; you can do the work, and I'll help you develop it too. I just need to know if you'll "hard code" the user/password or if it needs to be encrypted. Also if you understand Python or prefer bash, etc.
Here's a good starting point: http://docs.splunk.com/Documentation/Splunk/6.3.2/RESTREF/RESTprolog
After reading the prolog above check out the /data/input endpoints here: http://docs.splunk.com/Documentation/Splunk/6.3.2/RESTREF/RESTlist#DLOC
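An added example, not part of the thread and not Splunk's own code: a POSIX shell sketch of the setup script the question asks for. It reads the version from the services/server/info REST endpoint and only then sends the disabled=0 call from the first answer, passing credentials to curl on stdin instead of on the command line. It treats 6.3 as a minimum version rather than an exact match; the SPLUNK_* environment variables, the function names and the --enable switch are assumptions made here.

```shell
#!/bin/sh
# Added example (not from the thread): enable HEC only on Splunk 6.3 or later.
# Assumed names: SPLUNK_URI, SPLUNK_USER, SPLUNK_PASS, SPLUNK_CACERT, --enable.
SPLUNK_URI=${SPLUNK_URI:-https://localhost:8089}

# Pull "version" out of the JSON returned by /services/server/info.
parse_version() {
    printf '%s\n' "$1" |
        sed -n 's/.*"version"[[:space:]]*:[[:space:]]*"\([0-9][0-9.]*\)".*/\1/p' |
        head -n 1
}

# Succeed only for major.minor >= 6.3; anything unparsable counts as unsupported.
hec_supported() {
    case "$1" in
        [0-9]*.[0-9]*) ;;
        *) return 1 ;;
    esac
    major=${1%%.*}; rest=${1#*.}; minor=${rest%%.*}
    case "$major$minor" in *[!0-9]*) return 1 ;; esac
    [ "$major" -gt 6 ] || { [ "$major" -eq 6 ] && [ "$minor" -ge 3 ]; }
}

# Credentials go to curl as a config on stdin (-K -), so the password is not
# visible in the process list or shell history as it is with -u admin:pass.
# --cacert keeps TLS verification on for the management port.
# Note: a password containing " or \ would need escaping for the config syntax.
splunk_curl() {
    printf 'user = "%s:%s"\n' "$SPLUNK_USER" "$SPLUNK_PASS" |
        curl --silent --show-error --fail --cacert "$SPLUNK_CACERT" -K - "$@"
}

enable_hec_if_supported() {
    info=$(splunk_curl "$SPLUNK_URI/services/server/info?output_mode=json") || return 1
    version=$(parse_version "$info")
    if ! hec_supported "$version"; then
        echo "Splunk ${version:-unknown version}: skipping HTTP Event Collector setup" >&2
        return 0
    fi
    # Endpoint and parameter exactly as given in the answer above.
    splunk_curl "$SPLUNK_URI/servicesNS/nobody/search/data/inputs/http" -d disabled=0
}

if [ "${1:-}" = "--enable" ]; then
    enable_hec_if_supported
fi
```

Run it with --enable after exporting SPLUNK_USER, SPLUNK_PASS and SPLUNK_CACERT (the CA that signed the splunkd certificate); without the switch it only defines the functions.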