Getting Data In

Http Event Collector CURL errors with {"text":"Invalid token","code":4} or "Empty reply from server" using Windows

sfortier99
Engager

I configured HTTP Event Collector and am trying to test it with:

curl -k  https://localhost:8088/services/collector/event -H "Authorization: Splunk 8111111111111*"  -d '{"event": "hello world"}'
error:  {"text"."Invalid token","code"4}

I also tried:

curl -k http://localhost:8088/services/collector/event -H "Authorization: Splunk 8111111111111*" -d "{\"event\":\"hello world\"}"

and I get response curl: (52) Empty reply from server

Running Windows Server 2012 R2

Why is this not working?

0 Karma
1 Solution

somesoni2
Revered Legend

Give this a try (verify the token value is correct and same as what you generated in Splunk)

curl -k  https://localhost:8088/services/collector/event -H 'Authorization: Splunk 8111111111111'  -d '{"event": "hello world"}'

View solution in original post

gblock_splunk
Splunk Employee
Splunk Employee

How did you create your token? Did you manually add a stanza to conf? If so which conf file, and can you show the stanza?

If you log into the Splunk UI and go to Settings->Data Inputs->HTTP Event Collector does your token show in the list?

0 Karma

somesoni2
Revered Legend

Give this a try (verify the token value is correct and same as what you generated in Splunk)

curl -k  https://localhost:8088/services/collector/event -H 'Authorization: Splunk 8111111111111'  -d '{"event": "hello world"}'

View solution in original post

Did you miss .conf21 Virtual?

Good news! The event's keynotes and many of its breakout sessions are now available online, and still totally FREE!