Hello everyone, thanks for your replies.
I was able to solve it, finally I created a new HEC in the HTTP Event Collector and associated to it all my 4 indixes to this new HEC, then using python, my main connection function is this:
import json
import requests
class PyHEC:
def init(self, token, uri):
if not 'http' in uri:
raise("no http or https found in hostname")
self.token = token
self.uri = uri+"/services/collector/event"
def send(self, event, metadata=None):
headers = {'Authorization': 'Splunk '+self.token}
payload = {"host": self.uri,
"event": event}
if metadata:
payload.update(metadata)
r = requests.post(self.uri, data=json.dumps(payload), headers=headers, verify=True if 'https' in self.uri else False)
return r.status_code, r.text,
The class call is made every time you need to make an input to a different index.
hec = PyHEC('HEC_PASSWORD', "URL")
try:
data = open('FILE1.json','r')
event = (data.read())
metadata = {"index":"INDEX_AAAA", "host":"HOST_INPUT"}
print hec.send(event, metadata)
except Exception as e:
print('Error')
try:
data = open('FILE2.json','r')
event = (data.read())
metadata = {"index":"INDEX_BBBB", "host":"HOST_INPUT"}
print hec.send(event, metadata)
except Exception as e:
print('Error')
I will consider the answer solved. Regards.
... View more