Hi @thefuzz4
First off, thanks for using HEC!
Looking at the example above, it does not appear to be in the proper format for our JSON Event protocol.
The format requires you to have a JSON envelope which contains within it an "event" field with the value being your payload. You should also include a epoch timestamp as HEC doesn't do timestamp extraction from the JSON. So looking at your example the JSON payload below in the curl I provided should work (assuming HEC is enabled). I tested this and it worked against my HEC instance.
curl -k https://localhost:8088/services/collector -H 'Authorization: Splunk 16229CD8-BB6B-449E-BA84-86F9232AC3BC' -d '
{"event":{"date":"Sat Feb 13 21:20:44 UTC 2016","name":"power","displayName":"Home Energy","device":"Home Energy","deviceId":"31ea905e-28d3-4779-a8b1-82bcd528c520","value":"2233","isStateChange":"true","id":"a4b491a0-d297-11e5-897c-22000bb6c3f8","description":"zw device: 0F, command: 3202, payload: 21 74 00 22 11 C0 00 00 00 00 00 00","descriptionText":"Total Power: 2233 Watts","installedSmartAppId":"null","isoDate":"2016-02-13T21:20:44.892Z","isDigital":"false","isPhysical":"false","location":"Home","locationId":"846d6e0a-dcc0-44e8-a09b-bac269bfa6c1","unit":"W","source":"DEVICE"},"time":1455398444892}'
Main difference above is that I've enclosed your event in "event". I've removed the extra brace at the end (as that made the JSON invalid), and I've added an epoch time stamp which I got by converting the isoDate field above.
Let me know if this works for you.
... View more
