Getting Data In

How can I send the content of the file to HTTP Event Collector in Splunk?

Dolis
Engager

I am using a script that gives me some data in json format, I want to send this data to splunk.
I can store the output of the script in a file but how can I send it to HTTP Event Collector?

Couple of things I tried but did not work:

------------------------------------------------
#!/bin/bash
FILE="output.json"
file1="cat answer.txt"
curl -k "https://prd-pxxx.splunkcloud.com:8088/services/collector"  -H "Authorization: Splunk XXXXX"  -d  '{"event": "$file1", "sourcetype": "manual"}'

-----------------------------------------------------------

curl -k "https://prd-pxxx.splunkcloud.com:8088/services/collector"  -H "Authorization: Splunk XXXXX"  -d  '{"event": "@output.json", "sourcetype": "manual"}'

-------------------------------------------------------------

curl -k "https://prd-p-w0gjo.splunkcloud.com:8088/services/collector"  -H "Authorization: Splunk d70b305e-01ef-490d-a6d8-b875d98e689b"   -d '{"sourcetype":"_json", "event": "@output.json", "source": "output.json}

-----------------------------------------------------------------

After trying this I understand that it literally sends everything specified in the event section. Is there a way I can send the content of the file or use a variable?

Thanks in advance!

Labels (1)
0 Karma
1 Solution

venkatasri
SplunkTrust
SplunkTrust

Hi @Dolis 

You can do via script , read every line of file and send it as batch. more examples here, 

Use cURL to manage HTTP Event Collector tokens, events, and services - Splunk Documentation

https://docs.splunk.com/Documentation/Splunk/8.2.0/Data/HECExamples

----

An upvote would be appreciated and accept solution if it helps!

View solution in original post

venkatasri
SplunkTrust
SplunkTrust

Hi @Dolis 

You can do via script , read every line of file and send it as batch. more examples here, 

Use cURL to manage HTTP Event Collector tokens, events, and services - Splunk Documentation

https://docs.splunk.com/Documentation/Splunk/8.2.0/Data/HECExamples

----

An upvote would be appreciated and accept solution if it helps!

Get Updates on the Splunk Community!

What's New in Splunk Enterprise 9.4: Features to Power Your Digital Resilience

Hey Splunky People! We are excited to share the latest updates in Splunk Enterprise 9.4. In this release we ...

Take Your Breath Away with Splunk Risk-Based Alerting (RBA)

WATCH NOW!The Splunk Guide to Risk-Based Alerting is here to empower your SOC like never before. Join Haylee ...

SignalFlow: What? Why? How?

What is SignalFlow? Splunk Observability Cloud’s analytics engine, SignalFlow, opens up a world of in-depth ...