cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
yeungdarea
Explorer
Member since: ‎08-08-2016
‎06-05-2020
Community Statistics
Posts 4
Solutions 0
Karma Given 2
Karma Received 1
Member Since ‎08-08-2016
Activity Feed
View All

Re: Does the HTTP Event Collector API support even...

by in Getting Data In
‎08-16-2016 12:11 AM
‎08-16-2016 12:11 AM
We are looking forward to trying out this new feature. Would love to hear more details. ... View more

Re: Does the HTTP Event Collector API support even...

by in Getting Data In
‎08-14-2016 07:12 PM
‎08-14-2016 07:12 PM
We are evaluating inserting KV pairs in the source field, and providing Splunk with a configuration snippet that allows us to extract these fields at search time. It would be much nicer if there was a way to do this in the HEC API, so we didn't need to configure anything. ... View more

Re: Does the HTTP Event Collector API support even...

by in Getting Data In
‎08-14-2016 07:10 PM
‎08-14-2016 07:10 PM
Thank you. Is there any consideration of this feature in Splunk's roadmap? We are trying to build something generic, that works with docker and helps us get logs to Splunk. We want this to be something that "forwards and tags" logs, rather than something that "wraps logs in an envelope with tags" or "parses then merges with tags". Forwarding is attractive because it means developers that use our log forwarder can expect that if they write something to STDOUT, it will go to Splunk that way. This means developers can be in control of which sourcetype they use. It means our component is of lower complexity, and we don't have to explain how we rewrite log events. ... View more

Does the HTTP Event Collector API support events w...

by in Getting Data In
‎08-08-2016 10:54 PM
1 Karma
‎08-08-2016 10:54 PM
1 Karma
According to the "Format events for HTTP Event Collector" document, I can send time , host , source , sourcetype and index . I would like to send additional event metadata. Is this possible? Given I'm running Splunk 6.4.2 with an HTTP Event Collector, When I send an event with a metadata key called foo with the value bar : curl -k -vv -H "Content-Type: application/json" -H "Authorization: Splunk XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX" http://splunk:8088/services/collector/event -d '{"event": "hello world", "foo": "bar"}' Then, I get this response: < HTTP/1.1 400 Bad Request < Date: Tue, 09 Aug 2016 05:26:47 GMT < Content-Type: application/json; charset=UTF-8 < X-Content-Type-Options: nosniff < Content-Length: 27 < Connection: Keep-Alive < X-Frame-Options: SAMEORIGIN < Server: Splunkd < * Connection #0 to host 172.25.0.3 left intact {"text":"No data","code":5}% I was hoping for a 200 OK and to see my event with the "foo" metadata. ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎06-05-2020 02:04 AM
Karma from
View All
Karma given to
View All