Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Is there an error in the documentation? My tests indicate the document is not correct when using curl.

mark-jones
Explorer
‎09-20-2022 07:12 AM

According to my tests the Authorization header should not have a space between the colon and splunk keyword.  It should be "Authorization:Splunk ###-####..." and not "Authorization:  Splunk ###-####..."

https://docs.splunk.com/Documentation/Splunk/9.0.1/Data/FormateventsforHTTPEventCollector

In other words this works:

curl -k https://prd-p.splunkcloud.com:8088/services/collector -H "Authorization:Splunk ###-######" -d "{\"sourcetype\":\"_json\",\"index\": \"job1\",\"event\": {\"a\": \"value1\", \"b\": [\"value1\", \"value1\"]}}"

Whereas this does not work:

curl -k https://prd-p.splunkcloud.com:8088/services/collector -H "Authorization: Splunk ###-######-b680-72c7bd33f9bb" -d "{\"sourcetype\":\"_json\",\"index\": \"job1\",\"event\": {\"a\": \"value1\", \"b\": [\"value1\", \"value1\"]}}"

markjones_0-1663682704498.png

 

Labels (1)
Labels
0 Karma
Reply

isoutamo
SplunkTrust
SplunkTrust
‎09-21-2022 01:52 AM

Hi

this 

-H "Authorization: Splunk eae66351-aaaa-1111-2222-2787781f501f"

works as documentation said. Actually you can use it with or without that space between : and Splunk.

What I have earlier seen, is that in some OS (like windows) and/or some shell configurations will generate some confusion with sending event with curl to HEC. Especially when you are surrounding event with " instead of '. In this first case you must do some escape for " on json field names and values and there are situation when this can leads to unwanted situation.

r. Ismo

0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎09-20-2022 08:11 AM

Submit this message as feedback on the relevant Docs page.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply

mark-jones
Explorer
‎09-20-2022 08:41 AM

Done.

Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey
Get Updates on the Splunk Community!

Tech Talk Recap | Mastering Threat Hunting

Mastering Threat HuntingDive into the world of threat hunting, exploring the key differences between ...

Observability for AI Applications: Troubleshooting Latency

If you’re working with proprietary company data, you’re probably going to have a locally hosted LLM or many ...

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?

In the age of AI, every tool promises to make our lives easier. From summarizing content to writing code, ...