Getting Data In

HTTP Event Collector: How to send logs to Splunk Cloud from command line using curl?

jyotishkp
Engager

I am trying with a trial version of Splunk cloud. I created the HTTP Event Collector. Now I am trying to log into Splunk using the curl script available here http://dev.splunk.com/view/event-collector/SP-CAAAE7F. But I guess I am doing something wrong, as I am not able to hit the server.

What has to be the host name of Splunk that I have to use to save the logs?

This is my Splunk cloud instance https://xxxxx.cloud.splunk.com

I tried something like this, I guess which is wrong (replaced with tokenid which I got after creating the HTTP EC)

curl -k https://xxxxx.cloud.splunk.com/services/collector -H 'Authorization: Splunk tokenid' -d '{"event":"Hello, World!"}'

Please help.

Thanks

SNaikwade
Path Finder

i facing issues with curl and I am getting an error "{"text":"Token is required","code":2}"

Here is my curl:

curl -k https://localhost:8088/services/collector/event -H 'Authorization:429AAB25-A7A0-4D40-8D1E-F05E114B069F' -d '{"event":"Hello, World!"}'

Please advice.
If you think I missed the word Splunk in the above uRL. I have tried below example as well. Even that does not work.

curl -k https://localhost:8088/services/collector/event -H 'Authorization: Splunk 429AAB25-A7A0-4D40-8D1E-F05E114B069F' -d '{"event":"Hello, World!"}'

0 Karma

aaraneta_splunk
Splunk Employee
Splunk Employee

@SNaikwade - If you need help with this issue, you may want to submit this as its own separate question. Since you posted this on a question from June 2016, its likely not to receive much activity. Thanks.

0 Karma

pgreer_splunk
Splunk Employee
Splunk Employee

The URL looks a little bit fishy. You have:

curl -k https://xxxxx.cloud.splunk.com/services/collector -H 'Authorization: Splunk tokenid' -d '{"event":"Hello, World!"}'

From the 6.4.1 Docs Page the URL is a little bit different. Try:

curl -k https://xxxxx.cloud.splunk.com/services/collector/event -H 'Authorization: <Splunk tokenid>' -d '{"event":"Hello, World!"}'

Maybe you just missed the "/event" in your original test?

0 Karma

SNaikwade
Path Finder

i facing issues with curl and I am getting an error "{"text":"Token is required","code":2}"

Here is my curl:

curl -k https://localhost:8088/services/collector/event -H 'Authorization:429AAB25-A7A0-4D40-8D1E-F05E114B069F' -d '{"event":"Hello, World!"}'

Please advice.
If you think I missed the word Splunk in the above uRL. I have tried below example as well. Even that does not work.

curl -k https://localhost:8088/services/collector/event -H 'Authorization: Splunk 429AAB25-A7A0-4D40-8D1E-F05E114B069F' -d '{"event":"Hello, World!"}'

0 Karma
Get Updates on the Splunk Community!

Index This | What did the zero say to the eight?

June 2025 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with this month’s ...

Splunk Observability Cloud's AI Assistant in Action Series: Onboarding New Hires & ...

This is the fifth post in the Splunk Observability Cloud’s AI Assistant in Action series that digs into how to ...

Now Playing: Splunk Education Summer Learning Premieres

It’s premiere season, and Splunk Education is rolling out new releases you won’t want to miss. Whether you’re ...