Help with Ingesting Data into Splunk Cloud HEC via...

rford91 · ‎01-10-2021

Hello all,

I am attempting to ingest data via a python script that retrieves data from an API and then forwards the results into my personal Splunk Cloud instance using the HTTP event collector. I am running into an issue with the splunk field extractions when I run my python script and I have attached a screenshot below. The results are being sent as one event when I want them to be sent as 19 individual events and the interesting fields are also including "near_earth_objects.2020-01-02") when I just want the fields to be "absolute_magnitude_h" since I intend to ingest historical data for multiple dates. Is the issue with data formatting being sent from my python script or do I need to change a configuration in my splunk cloud instance. Any help would be greatly appreciated.

to4kawa · ‎01-15-2021

If you don't have a problem with the license, you can get by with a query.

Help with Ingesting Data into Splunk Cloud HEC via python script

field extraction

HTTP Event Collector

JSON

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Announcing Modern Navigation: A New Era of Splunk User Experience

Observability Simplified: Combining User Experience, Application Performance & ...

Event Series May & June: From Network Visibility to Service Intelligence

Join the Conversation