Can someone tell me why this is failing with Invalid authorization? I think that the endpoint is as documented.
import httplib
import json

# HTTP Event Collector endpoint on the local instance
WEBHOOK_URL = 'https://localhost:8088/services/collector/event'
#headers = {'Content-Type': 'application/json'}
headers={'Authorization': 'A1DD6F1E-0F63-40CF-9A15-C82B36AFD89F', 'Content-Type': 'application/json'}
message = { "index":"main", "sourcetype":"xqe_metric", "event":"Testing"}
print WEBHOOK_URL, headers, message
# POST the JSON-encoded event and print the collector's reply
connection = httplib.HTTPSConnection('localhost:8088')
connection.request('POST', WEBHOOK_URL, json.dumps(message), headers)
response = connection.getresponse()
print response.read().decode(), '/n'
Response
<module 'time' from '/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/lib-dynload/time.so'> Failed="no"
http://localhost:8088/services/collector/event {'Content-Type': 'application/json', 'Authorization': 'A1DD6F1E-0F63-40CF-9A15-C82B36AFD89F'} {'index': 'main', 'sourcetype': 'xqe_metric', 'event': 'Testing'}
{"text":"Invalid authorization","code":3} /n
Looking at the example at http://docs.splunk.com/Documentation/Splunk/6.3.3/Data/UsetheHTTPEventCollector, the "Authorization" header includes the word "Splunk" whereas your code does not. Try that.
I see you are using HTTPS. Just as a side note, as you are sending to your local instance, the SSL cert is probably not valid, in which case the request will be rejected unless you configure your client to ignore cert validation.
Thanks. I saw the problem thanks to your observation.
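The two points raised in the answers above (the "Splunk" word in the Authorization header, and certificate validation against a local instance), as an added Python 3 example that is not part of the original thread. The function names, the `ca_file` parameter and the all-zero token are assumptions made for illustration; instead of ignoring certificate validation, the sketch trusts the instance's certificate explicitly.

```python
import http.client  # Python 3 name for the httplib module used in the question
import json
import ssl

HEC_PATH = "/services/collector/event"  # endpoint path from the question

def check_auth_header(headers):
    """Return a list of problems with the Authorization header (empty = OK)."""
    value = headers.get("Authorization", "").strip()
    if not value:
        return ["Authorization header is missing or empty"]
    scheme, _, token = value.partition(" ")
    if not token.strip():
        # A single word was sent, as in the question: the bare token.
        return ['single word sent: expected "Splunk <token>"']
    if scheme != "Splunk":
        return ['scheme is %r, expected "Splunk"' % scheme]
    return []

def build_request(token, event, index="main", sourcetype="xqe_metric"):
    """Build (path, body, headers) for one event, using the documented header form."""
    headers = {"Authorization": "Splunk " + token,
               "Content-Type": "application/json"}
    body = json.dumps({"index": index, "sourcetype": sourcetype, "event": event})
    return HEC_PATH, body, headers

def send_event(host, port, token, event, ca_file):
    """POST one event; the server certificate is verified against ca_file."""
    path, body, headers = build_request(token, event)
    problems = check_auth_header(headers)
    if problems:
        raise ValueError("; ".join(problems))
    # ca_file (assumed path) holds the instance's CA or self-signed certificate,
    # so verification stays on even for a local test server.
    ctx = ssl.create_default_context(cafile=ca_file)
    conn = http.client.HTTPSConnection(host, port, context=ctx, timeout=10)
    try:
        conn.request("POST", path, body, headers)
        return json.loads(conn.getresponse().read().decode())
    finally:
        conn.close()

if __name__ == "__main__":
    # Header exactly as posted in the question: flagged before any request is made.
    posted = {"Authorization": "A1DD6F1E-0F63-40CF-9A15-C82B36AFD89F",
              "Content-Type": "application/json"}
    print(check_auth_header(posted))
```

Running `check_auth_header` on the headers before sending catches the mistake locally, without waiting for the collector's `{"text":"Invalid authorization","code":3}` reply.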
Hi Guys,
I have a similar problem - I'm using an HTTP event collector and installed an iApp for F5 load balancers.
I can see the F5 sending keys as follows from a packet capture:
Member Key: time
Member Key: host
Member Key: source
Member Key: sourcetype
Member Key: event
I can see the Splunk Server responding like this:
Member Key: text
String Value: Invalid authorization
Key: text
Member Key: code
Number Value: 3
Key: code
Where in Splunk do I configure the above Member Key which is causing an invalid authorization?
Thanks!
If your problem is solved please accept the answer.
Rich is correct!
The WEBHOOK_URL variable has unbalanced quotes and parens in it. If it's not a typo in the question then it could explain the problem.
Thanks, I updated the code and response; it had a typo.