Activity Feed
- Karma Re: Does the HTTP Event Collector API support events with arbitrary metadata? for Jeremiah. 06-05-2020 12:48 AM
- Karma Re: Does the HTTP Event Collector API support events with arbitrary metadata? for gblock_splunk. 06-05-2020 12:48 AM
- Got Karma for Does the HTTP Event Collector API support events with arbitrary metadata?. 06-05-2020 12:48 AM
- Posted Re: Does the HTTP Event Collector API support events with arbitrary metadata? on Getting Data In. 08-16-2016 12:11 AM
- Posted Re: Does the HTTP Event Collector API support events with arbitrary metadata? on Getting Data In. 08-14-2016 07:12 PM
- Posted Re: Does the HTTP Event Collector API support events with arbitrary metadata? on Getting Data In. 08-14-2016 07:10 PM
- Posted Does the HTTP Event Collector API support events with arbitrary metadata? on Getting Data In. 08-08-2016 10:54 PM
- Tagged Does the HTTP Event Collector API support events with arbitrary metadata? on Getting Data In. 08-08-2016 10:54 PM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 1 |
08-16-2016
12:11 AM
We are looking forward to trying out this new feature. Would love to hear more details.
... View more
08-14-2016
07:12 PM
We are evaluating inserting KV pairs in the source field, and providing Splunk with a configuration snippet that allows us to extract these fields at search time.
It would be much nicer if there was a way to do this in the HEC API, so we didn't need to configure anything.
... View more
08-14-2016
07:10 PM
Thank you. Is there any consideration of this feature in Splunk's roadmap?
We are trying to build something generic, that works with docker and helps us get logs to Splunk. We want this to be something that "forwards and tags" logs, rather than something that "wraps logs in an envelope with tags" or "parses then merges with tags".
Forwarding is attractive because it means developers that use our log forwarder can expect that if they write something to STDOUT, it will go to Splunk that way. This means developers can be in control of which sourcetype they use. It means our component is of lower complexity, and we don't have to explain how we rewrite log events.
... View more
08-08-2016
10:54 PM
1 Karma
According to the "Format events for HTTP Event Collector" document, I can send time , host , source , sourcetype and index .
I would like to send additional event metadata. Is this possible?
Given I'm running Splunk 6.4.2 with an HTTP Event Collector,
When I send an event with a metadata key called foo with the value bar :
curl -k -vv -H "Content-Type: application/json" -H "Authorization: Splunk XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX" http://splunk:8088/services/collector/event -d '{"event": "hello world", "foo": "bar"}'
Then, I get this response:
< HTTP/1.1 400 Bad Request
< Date: Tue, 09 Aug 2016 05:26:47 GMT
< Content-Type: application/json; charset=UTF-8
< X-Content-Type-Options: nosniff
< Content-Length: 27
< Connection: Keep-Alive
< X-Frame-Options: SAMEORIGIN
< Server: Splunkd
<
* Connection #0 to host 172.25.0.3 left intact
{"text":"No data","code":5}%
I was hoping for a 200 OK and to see my event with the "foo" metadata.
... View more
- Tags:
- http-event-collector
