Splunk Cloud Platform
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

HTTP Event Collector URL

hnfd73hd8sjhDD
Engager
‎01-31-2021 04:23 AM

Hi,

I'm using the free cloud trial, and none of the URLs suggested within the documentation work.

[HOST]/services/collector throws a 303 error, redirecting to [HOST]/en-GB/services/collector which in turn throws a 404 error.

input-[HOST], inputs-[HOST], http-inputs-[HOST] do not resolve.

inputs.[HOST] resolves, but throws an SSL error as the wildcard cert attached to it does not cover the extra tier in the FQDN.

[HOST]:8088 resolves, but throws an SSL error as the cert attached to it does not match the FQDN (SplunkServerDefaultCert).

Any idea what I should be using?

TIA,
Martin...

 

Labels (1)
Labels
0 Karma
Reply

scelikok
SplunkTrust
SplunkTrust
‎02-01-2021 11:55 PM

Hi @hnfd73hd8sjhDD,

I believe Splunk Free Cloud Trail uses self sign certificate. That is why you may need to disable certificate check on your tests.

If this reply helps you an upvote and "Accept as Solution" is appreciated.
Reply

hnfd73hd8sjhDD
Engager
‎02-02-2021 04:20 AM

I've just tried using curl (with verification off) and it works ok (event ends up in the right place).

(thanks for your help).

Seems like a potential bin-fire in the waiting for anyone evaluating Splunk though. Someone now has to remember to re-enable TLS validation if they move from free to cloud/enterprise, otherwise their sensitive log data is accessible by anyone along the network path who wants to MITM the connection.

Martin...

0 Karma
Reply

hnfd73hd8sjhDD
Engager
‎02-02-2021 03:13 AM

Thanks for your reply.

Is that a definite (have you tried it yourself?)

The problem is that the library I'm using doesn't have the ability to disable SSL validation (it's an intentional choice: if it isn't there as an option, someone can't accidentally make a mistake and push it to a live environment).

If that is the case, then the documentation definitely needs cleaning up, and a note added to this effect (apart from there being contradicting examples in ther same document about which URI to use). 😉

Martin...

 

 

 

0 Karma
Reply

scelikok
SplunkTrust
SplunkTrust
‎02-02-2021 04:17 AM

As far as I know it is self signed for free trial. But this is not a new info.

You can confirm with Splunk support.

If this reply helps you an upvote and "Accept as Solution" is appreciated.
0 Karma
Reply

scelikok
SplunkTrust
SplunkTrust
‎02-01-2021 08:52 PM

Hi @hnfd73hd8sjhDD,

According to documentation our should use below URL; (you should replace stackname with yours)

https://stackname.splunkcloud.com:8088/services/collector/event

 

If this reply helps you an upvote and "Accept as Solution" is appreciated.
0 Karma
Reply

hnfd73hd8sjhDD
Engager
‎02-01-2021 11:46 PM

Hi,

Thanks for the reply!

As noted: using that URI throws an SSL error as the certificate doesn't match (the cert returned is a default one, not the one for the stack).

Any other suggestions?

Martin...

 

0 Karma
Reply
Get Updates on the Splunk Community!

Developer Spotlight with Brett Adams

In our third Spotlight feature, we're excited to shine a light on Brett—a Splunk consultant, innovative ...

Index This | What can you do to make 55,555 equal 500?

April 2025 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with this ...

Say goodbye to manually analyzing phishing and malware threats with Splunk Attack ...

In today’s evolving threat landscape, we understand you’re constantly bombarded with phishing and malware ...
Top