Getting Data In

HTTP Event Collector: How to send logs to Splunk Cloud from command line using curl?

jyotishkp
Engager

I am trying with a trial version of Splunk cloud. I created the HTTP Event Collector. Now I am trying to log into Splunk using the curl script available here http://dev.splunk.com/view/event-collector/SP-CAAAE7F. But I guess I am doing something wrong, as I am not able to hit the server.

What has to be the host name of Splunk that I have to use to save the logs?

This is my Splunk cloud instance https://xxxxx.cloud.splunk.com

I tried something like this, I guess which is wrong (replaced with tokenid which I got after creating the HTTP EC)

curl -k https://xxxxx.cloud.splunk.com/services/collector -H 'Authorization: Splunk tokenid' -d '{"event":"Hello, World!"}'

Please help.

Thanks

SNaikwade
Path Finder

i facing issues with curl and I am getting an error "{"text":"Token is required","code":2}"

Here is my curl:

curl -k https://localhost:8088/services/collector/event -H 'Authorization:429AAB25-A7A0-4D40-8D1E-F05E114B069F' -d '{"event":"Hello, World!"}'

Please advice.
If you think I missed the word Splunk in the above uRL. I have tried below example as well. Even that does not work.

curl -k https://localhost:8088/services/collector/event -H 'Authorization: Splunk 429AAB25-A7A0-4D40-8D1E-F05E114B069F' -d '{"event":"Hello, World!"}'

0 Karma

aaraneta_splunk
Splunk Employee
Splunk Employee

@SNaikwade - If you need help with this issue, you may want to submit this as its own separate question. Since you posted this on a question from June 2016, its likely not to receive much activity. Thanks.

0 Karma

pgreer_splunk
Splunk Employee
Splunk Employee

The URL looks a little bit fishy. You have:

curl -k https://xxxxx.cloud.splunk.com/services/collector -H 'Authorization: Splunk tokenid' -d '{"event":"Hello, World!"}'

From the 6.4.1 Docs Page the URL is a little bit different. Try:

curl -k https://xxxxx.cloud.splunk.com/services/collector/event -H 'Authorization: <Splunk tokenid>' -d '{"event":"Hello, World!"}'

Maybe you just missed the "/event" in your original test?

0 Karma

SNaikwade
Path Finder

i facing issues with curl and I am getting an error "{"text":"Token is required","code":2}"

Here is my curl:

curl -k https://localhost:8088/services/collector/event -H 'Authorization:429AAB25-A7A0-4D40-8D1E-F05E114B069F' -d '{"event":"Hello, World!"}'

Please advice.
If you think I missed the word Splunk in the above uRL. I have tried below example as well. Even that does not work.

curl -k https://localhost:8088/services/collector/event -H 'Authorization: Splunk 429AAB25-A7A0-4D40-8D1E-F05E114B069F' -d '{"event":"Hello, World!"}'

0 Karma
Get Updates on the Splunk Community!

Splunk Observability Cloud's AI Assistant in Action Series: Auditing Compliance and ...

This is the third post in the Splunk Observability Cloud’s AI Assistant in Action series that digs into how to ...

Splunk Community Badges!

  Hey everyone! Ready to earn some serious bragging rights in the community? Along with our existing badges ...

What You Read The Most: Splunk Lantern’s Most Popular Articles!

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...