Splunk Cloud Azure

hopik · ‎06-11-2020

Hi

We are using Splunk Cloud from azure marketplace.

I have created HEC token but I have problem send data to the Splunk Cloud.

I am testing some different port but it doesn't work. Same approach on my

Splunk Cloud trial instances is working.

Working- My test instance:

curl -k https://prd-p-<label>.splunkcloud.com:8088/services/collector/event/1.0 -H "Authorization: Splunk <token>" -d '{"event": "hello world"}'

Azure Splunk Cloud:
NOT work mu commercial company instance:
curl -k https://<company>.splunkcloud.com:8088/services/collector/event/1.0 -H 'Authorization: Splunk <token>' -d '{"event": "hello world"}'

curl -k https://<company>.splunkcloud.com/services/collector/event/1.0 -H 'Authorization: Splunk <token>' -d '{"event": "hello world"}'

Anybody know how to send data via HEC to the Splunk Cloud hosted as Azure service ?

Thanks a lot

twesty · ‎06-11-2020

The ports for splunk cloud change depending on whether its a managed service or not. I would advise you check out the doc here: https://docs.splunk.com/Documentation/Splunk/8.0.4/Data/UsetheHTTPEventCollector for more information

Splunk Cloud Azure

HTTP Event Collector

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Automating Threat Operations and Threat Hunting with Recorded Future

Keep the Learning Going with the New Best of .conf Hub

Splunk Community Badges!

Join the Conversation

Splunk Cloud Azure

HTTP Event Collector

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Automating Threat Operations and Threat Hunting with Recorded Future

Keep the Learning Going with the New Best of .conf Hub

Splunk Community Badges!