Splunk Dev

Need help getting basic requests.post to work for HTTP Event Collector with Python

voninski
New Member

OK - This is starting to frustrate me.

I first tried the following command:

curl -k  http://10.10.XX.XX:8088/services/collector/event -H "Authorization: Splunk my_correct_token" -d '{"event": "does this thing work"}'

and it works correctly and the event is received. Cool!

Then I saw the following blog post on building HTTP Events with Python and while I could get the code to execute without error. I could not get the system to receive the event.

Breaking down the event to its most basic components in Python 2.7 I wrote the following code

import requests

requests.post('http://10.10.XX.XX:8088/services/collector/event', headers={'Authorization': 'Splunk my_correct_token}, data = {"event": "through python -- again - does this thing work"})
print "does this thing work"

And while the code runs without error I am not receiving the events in Splunk.

Any ideas?

Thank you.

0 Karma
1 Solution

icrushservers
Engager

Here is my solution to the problem:

#!/usr/bin/python

import requests
import json

url='https://172.16.x.y:8088/services/collector/event'
authHeader = {'Authorization': 'Splunk super_sekrit'}
jsonDict = {"event": "through python -- again - does this thing work"}

r = requests.post(url, headers=authHeader, json=jsonDict, verify=False)
print r.text

View solution in original post

icrushservers
Engager

Here is my solution to the problem:

#!/usr/bin/python

import requests
import json

url='https://172.16.x.y:8088/services/collector/event'
authHeader = {'Authorization': 'Splunk super_sekrit'}
jsonDict = {"event": "through python -- again - does this thing work"}

r = requests.post(url, headers=authHeader, json=jsonDict, verify=False)
print r.text

neeldesai1992
Path Finder

But how can you pass this kind of authorization ('Splunk super_sekrit') if I am using the Java Splunk sdk ? I can't set a header over there. so How can I pass over there?

0 Karma

voninski
New Member

This works great. And i like the fact that it separates the components needed. Thank you!

0 Karma
Get Updates on the Splunk Community!

Introduction to Splunk Observability Cloud - Building a Resilient Hybrid Cloud

Introduction to Splunk Observability Cloud - Building a Resilient Hybrid Cloud  In today’s fast-paced digital ...

Observability protocols to know about

Observability protocols define the specifications or formats for collecting, encoding, transporting, and ...

Take Your Breath Away with Splunk Risk-Based Alerting (RBA)

WATCH NOW!The Splunk Guide to Risk-Based Alerting is here to empower your SOC like never before. Join Haylee ...