Getting Data In

How can I send the content of the file to HTTP Event Collector in Splunk?

Dolis
Engager

I am using a script that gives me some data in json format, I want to send this data to splunk.
I can store the output of the script in a file but how can I send it to HTTP Event Collector?

Couple of things I tried but did not work:

------------------------------------------------
#!/bin/bash
FILE="output.json"
file1="cat answer.txt"
curl -k "https://prd-pxxx.splunkcloud.com:8088/services/collector"  -H "Authorization: Splunk XXXXX"  -d  '{"event": "$file1", "sourcetype": "manual"}'

-----------------------------------------------------------

curl -k "https://prd-pxxx.splunkcloud.com:8088/services/collector"  -H "Authorization: Splunk XXXXX"  -d  '{"event": "@output.json", "sourcetype": "manual"}'

-------------------------------------------------------------

curl -k "https://prd-p-w0gjo.splunkcloud.com:8088/services/collector"  -H "Authorization: Splunk d70b305e-01ef-490d-a6d8-b875d98e689b"   -d '{"sourcetype":"_json", "event": "@output.json", "source": "output.json}

-----------------------------------------------------------------

After trying this I understand that it literally sends everything specified in the event section. Is there a way I can send the content of the file or use a variable?

Thanks in advance!

Labels (1)
0 Karma
1 Solution

venkatasri
SplunkTrust
SplunkTrust

Hi @Dolis 

You can do via script , read every line of file and send it as batch. more examples here, 

Use cURL to manage HTTP Event Collector tokens, events, and services - Splunk Documentation

https://docs.splunk.com/Documentation/Splunk/8.2.0/Data/HECExamples

----

An upvote would be appreciated and accept solution if it helps!

View solution in original post

venkatasri
SplunkTrust
SplunkTrust

Hi @Dolis 

You can do via script , read every line of file and send it as batch. more examples here, 

Use cURL to manage HTTP Event Collector tokens, events, and services - Splunk Documentation

https://docs.splunk.com/Documentation/Splunk/8.2.0/Data/HECExamples

----

An upvote would be appreciated and accept solution if it helps!

Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In November, the Splunk Threat Research Team had one release of new security content via the Enterprise ...

Index This | Divide 100 by half. What do you get?

November 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with this ...

Stay Connected: Your Guide to December Tech Talks, Office Hours, and Webinars!

❄️ Celebrate the season with our December lineup of Community Office Hours, Tech Talks, and Webinars! ...