Join the Conversation
- Find Answers
- :
- Splunk Administration
- :
- Getting Data In
- :
- HTTP Event collector not working for .NET logging
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
We are getting authorization error while calling the service from dot net or java client. It is working fine with curl command( -k option) but failing on the client side due to some certificate missing.
For curl I have noticed when we call the service without –k it fails (authorization issue).
I have tried with postman as well. It is throwing error like this “Install self-signed certificate in chrome”.
Any help is appreciated.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
The issue will likely be that your .Net client is not trusting the certificate presented by Splunk(why would it? - its self signed).
The -k switch for curl essentially says "ignore all SSL errors or warnings and carry on regardless"
The bad (wrong) solution is to tell your .Net app to disregard certificate problems.
The correct solution is to install a certificate that your .Net application trusts, such as one from a public CA, or an internal CA which your enterprise trusts.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
The issue will likely be that your .Net client is not trusting the certificate presented by Splunk(why would it? - its self signed).
The -k switch for curl essentially says "ignore all SSL errors or warnings and carry on regardless"
The bad (wrong) solution is to tell your .Net app to disregard certificate problems.
The correct solution is to install a certificate that your .Net application trusts, such as one from a public CA, or an internal CA which your enterprise trusts.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Detailed more in the the Securing Splunk Enterprise manual. Specifically, this section is a good place to start: http://docs.splunk.com/Documentation/Splunk/latest/Security/AboutsecuringyourSplunkconfigurationwith...
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Can you confirm you are sending in the authorization header to the Splunk HEC collector? You will need to include the token in the correct format to avoid the authorization error.
Furthermore postman will not work with self-signed certificates unless you install them in Chrome (which is relatively easy to do)
Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!
Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.
Announcing Modern Navigation: A New Era of Splunk User Experience
Modernize your Splunk Apps – Introducing Python 3.13 in Splunk
Step into “Hunt the Insider: An Splunk ES Premier Mystery” to catch a cybercriminal ...
