Can an application auto-create an HTTP event colle...

ramabu · ‎01-31-2016

Can an application auto-create an HTTP event collector? upon setup perhaps?
I noticed that they are listed in their own app's input.conf (splunk__httpinput).

I suppose I would need a setup script, and have that script use CLI and/or cUrl and setup the collector.
Is there an example of such a script? preferably, one that checks for Splunk version, and does not attempt it if not 6.3.x

Thanks!

gblock_splunk · ‎02-13-2016

@ramabu you can use our CLI to do this or curl.

For the CLI see here. Using this command: splunk http-event-collector enable -uri will work. Using the CLI you can also manage tokens, or even send events.

You can also use curl against our data/inputs/http endpoint sending disabled=0

curl -u admin:pass https://localhost:8089/servicesNS/nobody/search/data/inputs/http -d disabled=0

jkat54 · ‎01-31-2016

It can be done via api calls using curl or other http tools. I'll give you the steps, you can do the work and help you develop it too. I just need to know if you'll "hard code" the user/password or if it needs to be encrypted. Also if you understand Python or prefer bash, etc.

jkat54 · ‎01-31-2016

Heres a good starting point: http://docs.splunk.com/Documentation/Splunk/6.3.2/RESTREF/RESTprolog

jkat54 · ‎01-31-2016

After reading the prolog above check out the /data/input endpoints here: http://docs.splunk.com/Documentation/Splunk/6.3.2/RESTREF/RESTlist#DLOC

Can an application auto-create an HTTP event collector? upon setup perhaps?

Unlock New Opportunities with Splunk Education: Explore Our Latest Courses!

Technical Workshop Series: Splunk Data Management and SPL2 | Register here!

Spotting Financial Fraud in the Haystack: A Guide to Behavioral Analytics with Splunk