Getting Data In
Highlighted

HTTP Event Collector: How to send logs to Splunk Cloud from command line using curl?

Engager

I am trying with a trial version of Splunk cloud. I created the HTTP Event Collector. Now I am trying to log into Splunk using the curl script available here http://dev.splunk.com/view/event-collector/SP-CAAAE7F. But I guess I am doing something wrong, as I am not able to hit the server.

What has to be the host name of Splunk that I have to use to save the logs?

This is my Splunk cloud instance https://xxxxx.cloud.splunk.com

I tried something like this, I guess which is wrong (replaced with tokenid which I got after creating the HTTP EC)

curl -k https://xxxxx.cloud.splunk.com/services/collector -H 'Authorization: Splunk tokenid' -d '{"event":"Hello, World!"}'

Please help.

Thanks

Highlighted

Re: HTTP Event Collector: How to send logs to Splunk Cloud from command line using curl?

Contributor

The URL looks a little bit fishy. You have:

curl -k https://xxxxx.cloud.splunk.com/services/collector -H 'Authorization: Splunk tokenid' -d '{"event":"Hello, World!"}'

From the 6.4.1 Docs Page the URL is a little bit different. Try:

curl -k https://xxxxx.cloud.splunk.com/services/collector/event -H 'Authorization: <Splunk tokenid>' -d '{"event":"Hello, World!"}'

Maybe you just missed the "/event" in your original test?

0 Karma
Highlighted

Re: HTTP Event Collector: How to send logs to Splunk Cloud from command line using curl?

Path Finder

i facing issues with curl and I am getting an error "{"text":"Token is required","code":2}"

Here is my curl:

curl -k https://localhost:8088/services/collector/event -H 'Authorization:429AAB25-A7A0-4D40-8D1E-F05E114B069F' -d '{"event":"Hello, World!"}'

Please advice.
If you think I missed the word Splunk in the above uRL. I have tried below example as well. Even that does not work.

curl -k https://localhost:8088/services/collector/event -H 'Authorization: Splunk 429AAB25-A7A0-4D40-8D1E-F05E114B069F' -d '{"event":"Hello, World!"}'

0 Karma
Highlighted

Re: HTTP Event Collector: How to send logs to Splunk Cloud from command line using curl?

Path Finder

i facing issues with curl and I am getting an error "{"text":"Token is required","code":2}"

Here is my curl:

curl -k https://localhost:8088/services/collector/event -H 'Authorization:429AAB25-A7A0-4D40-8D1E-F05E114B069F' -d '{"event":"Hello, World!"}'

Please advice.
If you think I missed the word Splunk in the above uRL. I have tried below example as well. Even that does not work.

curl -k https://localhost:8088/services/collector/event -H 'Authorization: Splunk 429AAB25-A7A0-4D40-8D1E-F05E114B069F' -d '{"event":"Hello, World!"}'

0 Karma
Highlighted

Re: HTTP Event Collector: How to send logs to Splunk Cloud from command line using curl?

Influencer

@SNaikwade - If you need help with this issue, you may want to submit this as its own separate question. Since you posted this on a question from June 2016, its likely not to receive much activity. Thanks.

0 Karma
Speak Up for Splunk Careers!

We want to better understand the impact Splunk experience and expertise has has on individuals' careers, and help highlight the growing demand for Splunk skills.