Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Error Connecting to HTTP Event Collector

jinesh_thakkar
New Member
‎10-31-2017 09:01 AM

Hi

I sign up for splunk free cloud trial instance and created the HTTP Event Collector as per link here

Link - http://dev.splunk.com/view/event-collector/SP-CAAAE7F

When I try to call following HEC curl from postman, I am unable to connect and do not get any response

curl -k https://:8088/services/collector -H 'Authorization: Splunk ' -d '{"sourcetype": "mysourcetype", "event":"Hello, World!"}'

0 Karma
Reply

vkannampuzha
Explorer
‎05-12-2019 10:54 PM

Once you create your Splunk instance, here is the curl command I used that works. I'm assuming that this is your localhost.

curl -k http://localhost:8088/services/collector -H "Authorization:Splunk ENTER YOUR TOKEN VALUE" -d '{"sourcetype": "mysourcetype", "event":"Hello, World!"}'

0 Karma
Reply

preotesoiu
Path Finder
‎10-31-2017 01:10 PM

your curl command must contain the hostname or IP address
curl -k https://yourhostname:8088/services/collector ...

or perhaps you can try below curl command:
curl -k -u "userID:TOKEN" "https://your_server_name:8088/services/collector/event" -d '{"event": "Hello, world!"}'
if works well you would see below response
{"text":"Success","code":0}

0 Karma
Reply

preotesoiu
Path Finder
‎10-31-2017 01:14 PM

also I believe the path is a bit different for splunk cloud:

When creating requests to Splunk Cloud, you must add a prefix to the URI of the hostname according to your subscription. For self-service Splunk Cloud plans, pre-pend the hostname with input-. For all other Splunk Cloud plans, pre-pend the hostname with http-inputs-. In the previous example, the cURL statement would look like the following for self-service Splunk Cloud instances:
curl -k https://input-:8088/services/collector -H 'Authorization: Splunk ' -d '{"event":"Hello, World!"}'

And for all other Splunk Cloud instances:
curl -k https://http-inputs-:8088/services/collector -H 'Authorization: Splunk ' -d '{"event":"Hello, World!"}'

0 Karma
Reply
Don’t Miss Global Splunk
User Groups Week!

Free LIVE events worldwide 2/8-2/12
Connect, learn, and collect rad prizes
and swag!