HTTPS collector not receiving items from scrape?

kristjobnext · ‎09-22-2017

Using Splunk enterprise. https://45.55.161.5:8000/en-US/app/launcher/home

A HTTPS event collector is listening on 8088 with token DB84F19F-B2F1-4B89-BB38-643DFB641B34

From source, this code is trying to send JSON to Spunk. But Splunk does not receive. Can anyone help to get this right?

Thanks

import requests
import json

url = 'http://45.55.161.5:8088/services/collector/event'
payload = {
"Test": "Splunk ",
}
headers = {
"Authorization": "Splunk DB84F19F-B2F1-4B89-BB38-643DFB641B34",
}
r = requests.post(url, data=json.dumps(payload), headers=headers)
print(r.content)

starcher · ‎09-22-2017

You could just use a premade HEC python class.
https://github.com/georgestarcher/Splunk-Class-httpevent

But make sure your token is valid in the permissions for the destination index you are wanting to send to.

kristjobnext · ‎09-26-2017

Thanks Starcher. I will check this out and let you know.

kristjobnext · ‎09-22-2017

btw, it doesn't work with https neither. 'https://45.55.161.5:8088/services/collector/event'

HTTPS collector not receiving items from scrape?

What's New in Splunk Observability - October 2025

🌟 From Audit Chaos to Clarity: Welcoming Audit Trail v2

Splunk Enterprise Security 8.x: The Essential Upgrade for Threat Detection, ...

Are you a member of the Splunk Community?

HTTPS collector not receiving items from scrape?

What's New in Splunk Observability - October 2025

🌟 From Audit Chaos to Clarity: Welcoming Audit Trail v2

Splunk Enterprise Security 8.x: The Essential Upgrade for Threat Detection, ...