Solved: HTTP Event Collector SSL problem

DMohn · ‎06-11-2019

Hi all,

I am trying to send events to HEC locally via CLI and keep getting a SSL error. I have looked up several docs, but I have not yet found the solution to it. My problem is like this:

Command:
curl -vvv -k -H "Authorization: Splunk my-hec-token" https://mysplunkhost:8088/services/collector/event -d '{ [aWholeLotOfJSONformattedData] }'

Return is:

* Hostname was NOT found in DNS cache
*   Trying xx.xx.xx.xx...
* Connected to mysplunkhost (xx.xx.xx.xx) port 8088 (#0)
* successfully set certificate verify locations:
*   CAfile: none
  CApath: /etc/ssl/certs/
* SSLv3, TLS unknown, Certificate Status (22):
* SSLv3, TLS handshake, Client hello (1):
* error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol
* Closing connection 0
curl: (35) error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol

Any advise on where I can fix this?

DMohn · ‎06-11-2019

Found the solution by myself, after a while.

If you don't enable SSL in the http input setting, Splunk won't accept https calls 🙂

So be aware of that!

View solution in original post

DMohn · ‎06-11-2019

Found the solution by myself, after a while.

If you don't enable SSL in the http input setting, Splunk won't accept https calls 🙂

So be aware of that!

HTTP Event Collector SSL problem

Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!

They're back! Join the SplunkTrust and MVP at .conf24

Enterprise Security Content Update (ESCU) | New Releases