Splunk Enterprise

How do I make a POST request to the HTTP Event collector using Splunk Light?

hashtagjohnt
New Member

I set up an new Splunk Light account to test out the functionality of Splunk and would like to send data using the HTTP Event Collector.

According to the docs (http://dev.splunk.com/view/event-collector/SP-CAAAE7F), I am supposed to enable the HTTP Event Collector, which I have done:

alt text

and then create a token, which I have done:

alt text

But on the review page, there is not "Host" value. I assume the host is the same host that I am using the create the tokens, something like:

https://prd-p-2lsvqbvxyzzzzz.cloud.splunk.com

So according to the docs, I should be able to post data, but for some reason it times out:

curl -k https://prd-p-2lsvqbxyzzzzz.cloud.splunk.com:8088/serivces/collector -H "Authorization: Splunk my-secret-token" -d '{"sourcetype": "curl", "event":"Hello, World!"}'

curl: (7) Failed to connect to prd-p-2lsvqbxyzzzzz.cloud.splunk.com port 8088: Connection timed out

Any idea why it is failing? Do I have everything set up correctly?

Thanks!

Labels (1)
Tags (1)
0 Karma

nmadhok
Path Finder

Because you have misspelt the endpoint in the URL ( serivces/collector) instead of ( services/collector)

This is what you have:

https://prd-p-2lsvqbxyzzzzz.cloud.splunk.com:8088/serivces/collector

This is what it should be:

https://prd-p-2lsvqbxyzzzzz.cloud.splunk.com:8088/services/collector
0 Karma
Get Updates on the Splunk Community!

Enterprise Security Content Updates (ESCU) - New Releases

In the last month, the Splunk Threat Research Team (STRT) has had 3 releases of new content via the Enterprise ...

Thought Leaders are Validating Your Hard Work and Training Rigor

As a Splunk enthusiast and member of the Splunk Community, you are one of thousands who recognize the value of ...

.conf23 Registration is Now Open!

Time to toss the .conf-etti 🎉 —  .conf23 registration is open!   Join us in Las Vegas July 17-20 for ...