Getting Data In

HTTP Event Collector Indexer Acknowledgment Returns "Invalid data format" "code":6


On a Linux host I am testing our HEC Indexer Acknowledgement setup on our heavy forwarder and following the documentation example but I keep running into "invalid data format" errors.

I am running  the following command to ingest data:


curl  -H "X-Splunk-Request-Channel: FE0ECFAD-13D5-401B-847D-77833BD77132" -H "Authorization: Splunk 9cedcd53-b32d-43ba-9cb6-25a211c720bc" -d '{ "host": "labPC", "source": "testCurl", "event": {  "message": "Did I Make It?", "severity": "INFO"} }' -k


 The data is getting indexed and I am receiving the following status code:




But when I run the following command to verify the indexing status:


curl -k -H "Authorization: Splunk 9cedcd53-b32d-43ba-9cb6-25a211c720bc" -d "{"acks":"0"}"


or any variation of "acks" "ack" "ackId" "0" "[0]" or escaping I keep getting the same result 


{"text":"Invalid data format","code":6}


Any help or guidance would be most appreciated. 

Thank you. 

Labels (1)
0 Karma