Splunk Cloud Platform

Why getting timeout error while adding data to the Splunk cloud index from REST API?

krishnabv
Explorer

Hello Team,

I am getting timeout error while adding data to Splunk cloud index from REST API. I am using below endpoint. (or) help me how can i add data to Splunk cloud index through REST API's.

URL : http://*********:8088/services/collector

Thanks,
Venkata.


Labels (1)
0 Karma

Roy_9
Motivator

Hi @krishnabv 

Can you share the url syntax with some dummy names to just understand the format that you are using?

Splunk cloud HEC end point varies for both self and managed service cloud, just wanted to make sure.

 

 

Thanks

0 Karma

isoutamo
SplunkTrust
SplunkTrust

This should works also with SC with correct host part in URL.

curl -vk -u "x:aea66351-b931-4be1-83fa-2787781f501f" https://localhost:8088/services/collector/event -d '{"sourcetype": "mysourcetype", "event": "Hello, world!"}'

 

You should also see this https://www.aplura.com/assets/pdf/hec_pipelines.pdf to understanding how events are managed based on used endpoint. There are also a newer version of this picture, but I don't know if it's a public or not? @dshpritz knows the situation of it and maybe he could tell when it can published?

Aplura has some other excellent Cheat Sheets for us! Thanks @dshpritz & co!

0 Karma

krishnabv
Explorer

Hi @isoutamo ,

i am testing from POSTMAN(Which is 3rd party app), does it work.

Thanks,
Venkata.

0 Karma

krishnabv
Explorer

Hi @Roy_9 

i am using this URL : http://*********:8088/services/collector

 

Thanks,
Venkata

0 Karma

isoutamo
SplunkTrust
SplunkTrust

Hi

did this help you https://community.splunk.com/t5/Getting-Data-In/HEC-troubleshooting-in-distributed-Enterprise-enviro... ?

If there is still timeout you should use curl -v to see verbose logging. And if/when needed ask Splunk Support to enable HEC on your stack if it haven't enabled yet.

r. Ismo

0 Karma

krishnabv
Explorer

Hi @isoutamo ,

I am trying below and it is working fine in splunk enterprise and it is not working in Splunk cloud. could you help me on this.

krishnabv_0-1656494018669.png

Thanks,
Venkata

0 Karma

krishnabv
Explorer

Hi @isoutamo 

How can i check whether HTTP event collector is enabled or not in Splunk cloud.

Thanks,
Venkata

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...