Hi
I have seen that when I am doing a post request to "https://splunk_host:8088/services/collector/event" with validate_cert=False its successfully sending the data to Splunk from my application. Where as when I tried with validate_cert=True i am getting errors like "Self signed Certificate error " or
Cannot connect to host localhost:8088 ssl:default [[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:852)]
so what should I do to not get this error.
Hi,
Did you find what was wrong ?
I have a similar behaviour : curl with ssl to send HEC events works fine, but from a python app, not so well :
Socket error while idling: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
Any idea ?
Thanks
Ema
If you are trying to test sending data to your HEC then you need to pass in the token, not the certs.
Something like:
curl -k https://hec.example.com:8088/services/collector/event -H "Authorization: Splunk B5A79AAD-D822-46CC-80D1-819F80D7BFB0" -d '{"event": "hello world"}'
{"text": "Success", "code": 0}
See the documentation for more info.
https://docs.splunk.com/Documentation/SplunkCloud/8.2.2106/Data/UsetheHTTPEventCollector#Send_data_t...
Hi
I have done that with curl it works fine but when comes to my application when I try with
request = HTTPRequest(url, method='POST', body=json.dumps(body), headers=headers)
response = await HttpUtils.make_async_request(request, eat_exceptions=False)
where URL is
https://hec.example.com:8088/services/collector/event
and I am passing the token too like
headers = {'Authorization': 'Splunk B5A79AAD-D822-46CC-80D1-819F80D7BFB0'}
Still I am getting the error of 'SSL:-self-signed certificate in chain' whereas when I try with curl no error.
It looks like you are using Python to push data in Splunk via HEC, can you please let us know which python modules are you using?
How did you configure ssl cert on this host? Is it using default cert OR CA-signed cert (internal OR external).
you can find this by using the btool command
/opt/splunk/bin/splunk btool inputs list http --debug | grep serverCert
You need to copy over the root cert from the above path to the source from which you are doing this post request.
-- Hope this helps