Splunk Search

Query string method not working for HEC on Cloud

naiktej13
Engager

I have a splunk cloud stack which has HEC enabled on it and I am referring following page to send data via HEC:
http://dev.splunk.com/view/event-collector/SP-CAAAE7G

which have mentioned 3 ways:
1. HTTP Authentication
2. Basic authentication
3. Query string

Among them, 1 and 2 are working properly. But when I tried to send data via "Query string" it gives following Error:

{"text":"Query string authorization is not enabled","code":16}

The curl command I tried is as follow:
curl -k https://http-inputs-STACK_NAME.splunkcloud.com/services/collector/event?token=xxxxxxxx-xxxx-xxxx-xxx... -d '{"event": "hello world"}'

Any idea regarding How to enable the "Query string" in cloud stack?

0 Karma
1 Solution

hunters_splunk
Splunk Employee
Splunk Employee

Hi Naiktej13,

Seems that the allowQueryStringAuth has not been set to true in the HEC local stanza in your Cloud instance:
allowQueryStringAuth = [true|false]
For detailed information about his setting, see http://docs.splunk.com/Documentation/Splunk/6.6.0/Admin/Inputsconf#HTTP_Event_Collector_.28HEC.29_-_... .

Please contact your Cloud administrator to set allowQueryStringAuth to true to Enable sending authorization token with query string.

Hope it helps. Thanks!
Hunter

View solution in original post

0 Karma

hunters_splunk
Splunk Employee
Splunk Employee

Hi Naiktej13,

Seems that the allowQueryStringAuth has not been set to true in the HEC local stanza in your Cloud instance:
allowQueryStringAuth = [true|false]
For detailed information about his setting, see http://docs.splunk.com/Documentation/Splunk/6.6.0/Admin/Inputsconf#HTTP_Event_Collector_.28HEC.29_-_... .

Please contact your Cloud administrator to set allowQueryStringAuth to true to Enable sending authorization token with query string.

Hope it helps. Thanks!
Hunter

0 Karma
Get Updates on the Splunk Community!

Aligning Observability Costs with Business Value: Practical Strategies

 Join us for an engaging Tech Talk on Aligning Observability Costs with Business Value: Practical ...

Mastering Data Pipelines: Unlocking Value with Splunk

 In today's AI-driven world, organizations must balance the challenges of managing the explosion of data with ...

Splunk Up Your Game: Why It's Time to Embrace Python 3.9+ and OpenSSL 3.0

Did you know that for Splunk Enterprise 9.4, Python 3.9 is the default interpreter? This shift is not just a ...