Hi @P01YOGESHC, please give a try on the sample below. I ran a test in my sandbox to index raw events, and I had to add the channel plus the token to get data indexed.

In order to get the channel, please run this query on the Splunk srv:

index="_internal" sourcetype=splunkd host=<server_name> | search guid!=" " | stats latest(host) latest(guid)

In my test I used the IP address, but you can try the FQDN as well. Then you can add the guid to the channel and the token after Authorization: Splunk. I also added the index and sourcetype to the comment.

This sample works properly for raw events. The server name should be the one where the HEC is set up to receive the data.

curl -k "https://XXX.X.XXX.XXX:8088/services/collector/raw?channel=23XXXXX-XXX-XXXX-XXXX-XXXXXXXXXX&sourcetype=httpevent&index=main" -H "Authorization: Splunk 46XXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX" -d '1, 2, 3... Hello, world!'

For further information, please check other samples at https://docs.splunk.com/Documentation/Splunk/8.0.6/Data/HECExamples

If this helps, please upvote. Thanks.
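An added example, not part of the post above or of Splunk's documentation: a shell wrapper around the same raw-endpoint request that rejects a channel or token that is not GUID-shaped, verifies the server certificate with `--cacert` rather than skipping verification with `-k`, and hands the token to curl through a config read on stdin. The function names, the `HEC_TOKEN` variable, the CA file argument and the sample host and GUID are assumptions made for this example.

```shell
#!/bin/sh
# Added example: helper names, HEC_TOKEN and the sample values are hypothetical.

# Return 0 if $1 looks like a GUID (8-4-4-4-12 hex digits).
is_guid() {
    case $1 in *[!0-9A-Fa-f-]*) return 1 ;; esac   # also rejects newlines
    printf '%s\n' "$1" |
        grep -Eq '^[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}$'
}

# Return 0 if $1 is non-empty and needs no URL-encoding. The character set is
# a conservative choice for this example, not a Splunk naming rule.
is_plain() {
    case $1 in ''|*[!A-Za-z0-9_.:-]*) return 1 ;; esac
}

# Print the raw-endpoint URL, or fail if any part is malformed.
hec_raw_url() {  # args: host channel sourcetype index
    is_plain "$1" || { echo "bad host" >&2; return 1; }
    is_guid "$2" || { echo "channel must be a GUID" >&2; return 1; }
    is_plain "$3" && is_plain "$4" || { echo "bad sourcetype/index" >&2; return 1; }
    printf 'https://%s:8088/services/collector/raw?channel=%s&sourcetype=%s&index=%s\n' \
        "$1" "$2" "$3" "$4"
}

# Send a file of raw events. The token comes from $HEC_TOKEN and reaches curl
# through a config on stdin, so it does not show up in the process list or in
# shell history. --cacert checks the HEC certificate against the given CA file.
hec_send_raw() {  # args: url event_file ca_file
    is_guid "${HEC_TOKEN:-}" || { echo "HEC_TOKEN missing or malformed" >&2; return 1; }
    printf 'header = "Authorization: Splunk %s"\n' "$HEC_TOKEN" |
        curl --silent --show-error --fail --cacert "$3" \
             --config - --data-binary "@$2" "$1"
}

# Constructed sample values (not real identifiers); prints the request URL.
hec_raw_url splunk.example.com 00000000-0000-4000-8000-000000000000 httpevent main
```

To send events, export `HEC_TOKEN` and call `hec_send_raw` with the printed URL, a file of raw events and the CA certificate that signed the HEC endpoint's certificate.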