
How to upload log files to Splunk using REST API?

Engager

Hi,

I want to upload log files using Splunk REST APIs. Can you please share how I can do that?


Re: How to upload log files to Splunk using REST API?

Splunk Employee

I am curious too, any success?

I saw API methods to convert an uploaded file to a lookup
https://<host>:<mPort>/services/data/lookup-table-files

POST Create a lookup table file by moving a file from the upload staging area into $SPLUNK_HOME
http://docs.splunk.com/Documentation/Splunk/6.3.1/RESTREF/RESTknowledge

What is the method to upload the file to the staging area?
According to this answer https://answers.splunk.com/answers/152485/can-you-create-modify-a-lookup-file-via-rest-api.html
"But you can't remotely upload a new lookup file with these REST endpoints, you'd need to create a Custom REST Endpoint to do this."

0 Karma

Re: How to upload log files to Splunk using REST API?

Engager

I am also stuck. I would like to upload logs, but I want to gather this data without using the Splunk Forwarder due to limitations on the machines. Any chance this can be achieved, or are we still stuck? Look-up tables look like a separate thing from loading raw data with some tags (like source, type etc.) to an index. But I might be wrong of course. Still learning about Splunk.

0 Karma

Re: How to upload log files to Splunk using REST API?

Splunk Employee

Re: How to upload log files to Splunk using REST API?

Engager

Hi @frobinson, your suggestion gave me some hope. I am trying Splunk with a cloud instance until I can provision a local enterprise instance. I have enabled the token as suggested in the documentation.
See - http://dev.splunk.com/view/event-collector/SP-CAAAE7F

I have tried to upload my application logs:

$ curl -ki https://prd-p-XXXXXXX.cloud.splunk.com:8088/services/collector -H 'Authorization: Splunk 61EC1DEF-XXXXXXXXXXXXXXXXXXXXX' -d @application201603031354.log 
curl: (7) Failed to connect to prd-p-XXXXXXX.cloud.splunk.com port 8088: Connection timed out

The strange thing is that when I set a token I don't get the same screen visible in the documentation, i.e. I don't see a confirmation of the hostname to send the request to. I have popped in on IRC to ask how I could get a confirmation of the hostname, if that was the problem. Also I confirm the EC is enabled in the global configuration, so I am stuck right now. Can EC be enabled on the cloud?

0 Karma

Re: How to upload log files to Splunk using REST API?

Splunk Employee

Hi @bizmate,
I didn't realize until your most recent comment that you are on Splunk Cloud. Let me check with our engineering team to see what differences there are and what you can do. I'll report back!

0 Karma

Re: How to upload log files to Splunk using REST API?

Splunk Employee

As a follow-up--please see @gblock's answer and one shot upload suggestion below 🙂

0 Karma

Re: How to upload log files to Splunk using REST API?

Champion

Yes, you can upload log data via the API. Though I would use a forwarder or HTTP Event Collector.

To upload data you have to use the receivers/simple endpoint using the POST method. The post body will contain your event using an XML or JSON format.

https://<host>:<mPort>/services/receivers/simple

Receiver Example
API summary

0 Karma

Re: How to upload log files to Splunk using REST API?

I downvoted this post because it is about uploading log files, not log data in a specific format.

0 Karma

Re: How to upload log files to Splunk using REST API?

Champion

My post has nothing to do with format. It simply states that you can use the REST endpoint to post your data. That endpoint is https://<host>:<mPort>/services/receivers/simple.

0 Karma
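
Added example, not code from any poster in this thread or from Splunk: the HTTP Event Collector endpoint `/services/collector` used in the curl attempt above takes JSON event objects, so this Python code wraps each line of a log file as an event, batches the events, and posts them with the `Authorization: Splunk <token>` header while leaving TLS certificate verification on. The sourcetype `app_log`, the batch size, the environment variable `SPLUNK_HEC_TOKEN` and the sample log lines are assumptions made for the example.

```python
import json
import os
import ssl
import urllib.request

# Constructed sample standing in for an application log file.
SAMPLE_LOG = (
    "2016-03-03 13:54:01 INFO  app started\n"
    "\n"
    "2016-03-03 13:54:02 ERROR db timeout after 30s\n"
)

def hec_batches(lines, sourcetype, source, max_bytes=512 * 1024):
    """Yield request bodies of concatenated HEC JSON events, split near max_bytes."""
    batch, size = [], 0
    for line in lines:
        line = line.rstrip("\r\n")
        if not line.strip():
            continue  # blank lines carry no event data
        blob = json.dumps(
            {"event": line, "sourcetype": sourcetype, "source": source}
        ).encode("utf-8")
        if batch and size + len(blob) > max_bytes:
            yield b"".join(batch)
            batch, size = [], 0
        batch.append(blob)
        size += len(blob)
    if batch:
        yield b"".join(batch)

def hec_request(base_url, token, body):
    """Build the POST for /services/collector with the HEC token header."""
    return urllib.request.Request(
        base_url.rstrip("/") + "/services/collector",
        data=body,
        method="POST",
        headers={"Authorization": "Splunk " + token,
                 "Content-Type": "application/json"},
    )

def upload(path, base_url, sourcetype="app_log", cafile=None):
    """Send one log file; returns the number of requests made."""
    token = os.environ["SPLUNK_HEC_TOKEN"]  # assumed variable name; keeps the token out of argv
    ctx = ssl.create_default_context(cafile=cafile)  # certificate checks stay on
    sent = 0
    with open(path, encoding="utf-8", errors="replace") as fh:
        for body in hec_batches(fh, sourcetype, os.path.basename(path)):
            with urllib.request.urlopen(hec_request(base_url, token, body),
                                        context=ctx, timeout=10):
                sent += 1  # urlopen raises HTTPError on a non-2xx reply
    return sent
```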