Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Splunk Cloud Trial and Http Event Collector - NOT WORKING

simpkins1958
Contributor
‎12-01-2015 12:16 PM

I have the 15 day trial version of Splunk Cloud. The Http Event Collector documentation http://dev.splunk.com/view/event-collector/SP-CAAAE7F says: Note: To turn on HTTP Event Collector in Splunk Cloud, file a request ticket with Splunk Support.

Since this is a trial version I am not allowed to submit a support ticket. How do I get Http Event Collector enabled?

Reply
1 Solution
Solved! Jump to solution
Solution

gblock_splunk
Splunk Employee
Splunk Employee
‎12-01-2015 01:12 PM

Hi @simpkins1958.

You can now enable HTTP Event Collector yourself in Trial / Single Instance. Go to Settings->Data Inputs->HTTP Event Collector from there you can enable the collector and create a token.

In order to create requests, you need to prefix the URI of your cloud instance with "input-", i.e. see the curl below

curl -k https://input-prd-p-j65vnzzl9wc8.cloud.splunk.com:8088/services/collector -H 'Authorization: Splunk  498FEC9B-86E2-4CD0-B489-4A55E2D52B07' -d '{"event":"event1"} {"event":"event2"}'

Notice I've added "input-" then the instance. Also the port + /services/collector endpoint are there.

As a side note, Splunk Cloud trial uses a self-signed cert, so you need to disabled cert validation if using HTTPS which is what the '-k' switch does with curl.

Let me know if you have any issues.

Thanks
Glenn

View solution in original post

Reply
Solved! Jump to solution

gblock_splunk
Splunk Employee
Splunk Employee
‎12-01-2015 07:16 PM

Yeah, if you look in the Stack Overflow, people were hitting it with 2012. The difference is that you are not running with an Elliptical Curve cert locally, and that I am guessing is where the issue lies.

0 Karma
Reply
Solved! Jump to solution

simpkins1958
Contributor
‎12-01-2015 03:09 PM

Tried setting the security policy to use TLS still not working with Splunk Cloud.

Tried again with my local Splunk server using HTTPS and working fine.

I set a break point in ServerCertificateValidationCallback, which is never getting hit when trying to send to Splunk Cloud but is getting hit when sending to local Splunk Server.

0 Karma
Reply
Solved! Jump to solution

simpkins1958
Contributor
‎12-01-2015 03:19 PM

Based on some googling around I also tried:

            ServicePointManager.SecurityProtocol = SecurityProtocolType.Ssl3 | SecurityProtocolType.Tls | SecurityProtocolType.Tls11 | SecurityProtocolType.Tls12;

Also not working.

0 Karma
Reply
Solved! Jump to solution

gblock_splunk
Splunk Employee
Splunk Employee
‎12-01-2015 03:24 PM

It sounds like this is a .NET related issue based on the fact that you can successfully curl. Can you try using HttpClient directly and see if you are able to send data?

0 Karma
Reply
Get Updates on the Splunk Community!

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

ICYMI - Check out the latest releases of Splunk Edge Processor

Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.  HEC Receiver authorization ...

Introducing the 2024 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...