I am curious too, any success?
I saw API methods to convert an uploaded file to a lookup
POST Create a lookup table file by moving a file from the upload staging area into $SPLUNK_HOME
What is the method to upload the file to the staging area?
According to this answer: https://answers.splunk.com/answers/152485/can-you-create-modify-a-lookup-file-via-rest-api.html
"But you can't remotely upload a new lookup file with these REST endpoints , you'd need to create a Custom REST Endpoint to do this."
I am also stuck. I would like to upload logs, but I want to gather this data without using the Splunk Forwarder due to limitations on the machines. Any chance this can be achieved, or are we still stuck? Lookup tables look like a separate thing from loading raw data with some tags (like source, type etc.) to an index. But I might be wrong of course. Still learning about Splunk.
You might want to see the documentation for the HTTP Event Collector:
and associated REST endpoints:
Hope this helps!
Hi @frobinson, your suggestion gave me some hope. I am trying Splunk with a cloud instance until I can provision a local enterprise instance. I have enabled the token as suggested in the documentation.
See - http://dev.splunk.com/view/event-collector/SP-CAAAE7F
I have tried to upload my application logs
$ curl -ki https://prd-p-XXXXXXX.cloud.splunk.com:8088/services/collector -H 'Authorization: Splunk 61EC1DEF-XXXXXXXXXXXXXXXXXXXXX' -d @application201603031354.log
curl: (7) Failed to connect to prd-p-XXXXXXX.cloud.splunk.com port 8088: Connection timed out
The strange thing is that when I set a token I don't get the same screen visible in the documentation, i.e. I don't see a confirmation of the hostname to send the request to. I have popped in on IRC to ask how I could get a confirmation of the hostname, if that was the problem. Also, I confirm the EC is enabled in the global configuration, so I am stuck right now. Can EC be enabled on the cloud?
I didn't realize until your most recent comment that you are on Splunk Cloud. Let me check with our engineering team to see what differences there are and what you can do. I'll report back!
Yes, you can upload log data via the API. Though I would use a forwarder or HTTP Event Collector.
To upload data you have to use the receivers/simple endpoint using the POST method. The POST body will contain your event using an XML or JSON format.
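Added example, not part of any poster's reply: the HTTP Event Collector's /services/collector endpoint used in the curl attempt above takes JSON event envelopes rather than a raw log file, so this sketch wraps each log line in an envelope and builds the authenticated POST without sending it. The host, token, source and sourcetype values are placeholders, and the helper names `hec_body` and `hec_request` are hypothetical.

```python
import json
import urllib.request

# Constructed sample input (not real data): lines from an application log.
SAMPLE_LOG = """2016-03-03 13:54:01 INFO app started
2016-03-03 13:54:07 WARN login failed user=alice

2016-03-03 13:54:09 ERROR db timeout after 30s
"""


def hec_body(lines, source, sourcetype, index=None):
    """Wrap each non-empty log line in an HEC JSON event envelope.

    Events are batched by stacking one JSON object per line in the body.
    """
    envelopes = []
    for line in lines:
        line = line.rstrip("\r\n")
        if not line.strip():
            continue  # skip blank lines rather than indexing empty events
        env = {"event": line, "source": source, "sourcetype": sourcetype}
        if index:
            env["index"] = index
        envelopes.append(json.dumps(env))
    return "\n".join(envelopes).encode("utf-8")


def hec_request(base_url, token, body):
    """Build (but do not send) the POST for /services/collector."""
    if not base_url.lower().startswith("https://"):
        raise ValueError("refusing to send an HEC token over a non-TLS URL")
    return urllib.request.Request(
        base_url.rstrip("/") + "/services/collector",
        data=body,
        headers={"Authorization": "Splunk " + token,
                 "Content-Type": "application/json"},
        method="POST",
    )


if __name__ == "__main__":
    # Placeholder host and token (assumptions); substitute your own values.
    req = hec_request("https://splunk.example.com:8088", "<HEC-TOKEN>",
                      hec_body(SAMPLE_LOG.splitlines(), "app.log", "app_log"))
    print(req.get_method(), req.full_url)
    print(req.data.decode("utf-8"))
    # To send: urllib.request.urlopen(req, timeout=10). Unlike curl -k, this
    # verifies the server certificate by default.
```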