Getting Data In

Getting http by HEC

gilsegev468
Engager

Hello,

I have Splunk 8.0.4.

I tried to send HTTP events from my browser to my index with HEC.

The requests are denied because of CORS error. 

I would like to get some help for the situation, thanks.

Labels (3)
0 Karma

richgalloway
SplunkTrust
SplunkTrust

More details, please.  How exactly are you sending the events to HEC?  Have you configured and are you using an input token?  What is the exact text of the error message you get?

---
If this reply helps you, Karma would be appreciated.
0 Karma

gilsegev468
Engager

I send the POST events with Postman to http://SPLUNK_SERVER_NAME:8088/services/collector/event

Yes, I use token input.

The error is like that:

Access to XMLHttpRequest at 'http://SPLUNK_SERVER_NAME:8088/services/collector/event' from origin 'http://localhost:4200' has been blocked by CORS policy: Request header field content- :4200/#/map:1 type is not allowed by Access-Control-Allow-Headers in preflight response.

0 Karma

richgalloway
SplunkTrust
SplunkTrust

I'm not sure what to do about that, but I'm pretty sure it's not a Splunk problem.  See if https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS/Errors helps at all.

---
If this reply helps you, Karma would be appreciated.
0 Karma

gilsegev468
Engager

Cross-origin resource sharing is a mechanism that allows restricted resources on a web page to be requested from another domain outside the domain from which the first resource was served.

In other words, in order to make a successful request from "client" ( a web page on chrome) to a remote server from another domain, the server needs to specify the  "client" domain in the response header. Meaning that the IP address or the domain name of the client should be specify in Access-Control-Allow-Origin  response header.

In our case, the "client" is  a web page on chrome and the "remote server" is splunk.  To solve our problem we need to return response headers such as Access-Control-Allow-Origin: "client-ip" in the response of our clients' post requests. In addition, It is possible that we will need to add more response header with the format of Access-Control-Allow-XXXX to the responses.

1. How can splunk be configure such that it will specify the origins in the Access-Control-Allow-Origin response header ?

2. How can custom response headers can be configure for the response of splunk post requests ?

0 Karma
Get Updates on the Splunk Community!

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...

Let’s Get You Certified – Vegas-Style at .conf24

Are you ready to level up your Splunk game? Then, let’s get you certified live at .conf24 – our annual user ...