How do I make a POST request to the HTTP Event col...

hashtagjohnt · ‎01-11-2018

I set up an new Splunk Light account to test out the functionality of Splunk and would like to send data using the HTTP Event Collector.

According to the docs (http://dev.splunk.com/view/event-collector/SP-CAAAE7F), I am supposed to enable the HTTP Event Collector, which I have done:

and then create a token, which I have done:

But on the review page, there is not "Host" value. I assume the host is the same host that I am using the create the tokens, something like:

https://prd-p-2lsvqbvxyzzzzz.cloud.splunk.com

So according to the docs, I should be able to post data, but for some reason it times out:

curl -k https://prd-p-2lsvqbxyzzzzz.cloud.splunk.com:8088/serivces/collector -H "Authorization: Splunk my-secret-token" -d '{"sourcetype": "curl", "event":"Hello, World!"}'

curl: (7) Failed to connect to prd-p-2lsvqbxyzzzzz.cloud.splunk.com port 8088: Connection timed out

Any idea why it is failing? Do I have everything set up correctly?

Thanks!

nmadhok · ‎05-21-2020

Because you have misspelt the endpoint in the URL ( serivces/collector) instead of ( services/collector)

This is what you have:

https://prd-p-2lsvqbxyzzzzz.cloud.splunk.com:8088/serivces/collector

This is what it should be:

https://prd-p-2lsvqbxyzzzzz.cloud.splunk.com:8088/services/collector

How do I make a POST request to the HTTP Event collector using Splunk Light?

configuration

Enterprise Security Content Updates (ESCU) - New Releases

Thought Leaders are Validating Your Hard Work and Training Rigor

.conf23 Registration is Now Open!