Also, can you try specifying port 80 explicitly? ... View more

For sure it should not have /services/collector in the url. ... View more

Here's a screenshot from when I had this working. You can see the code and the Splunk event on the other side. https://www.dropbox.com/s/948pvvqkqser7s0/Lambda.png?dl=0 ... View more

I created the original Eclipse example, so I know it can work as I had a working version which I passed off to our docs team. This is against a managed Splunk cloud instance yes? ... View more

Hi @micahhausler. This is a known issue, it is due to the type of ECC cert that we have used for self-service Splunk Cloud. The Docker driver works fine for our managed cloud but not for self-service. There is a plan to fix this. ... View more

@joxley today this using something like nginx is the right way to do it, but a better way is coming shortly, stay tuned. Also another option is to use this node app which gives your a proxy. In terms of the payload, our newer raw endpoint is perfect for receiving the standard webhook payload. As you observed the auth header is still required today, but that will change. ... View more

HEC is available on self-service / trial. Can you show me your curl (obfuscate the hostname) i.e. input-xxxxx:8088/services/... ... View more

Just to clarify, the config setting above will allow you to configure this on the Splunk side so the client doesn't have to send it. ... View more

One way is to send "host" in the request as you are doing here. Alternatively you can configure Splunk per token, so it will resolve the host based on the client that is sending. You do this in inputs.conf under the token stanza by setting the connection_host to "ip" or "dns". You can see the setting here connection_host = [ip|dns|none] * Specify the host if an event doesn't have host set. * "ip" sets the host to the IP address of the system sending the data. * "dns" sets the host to the reverse DNS entry for IP address of the system sending the data. * "none" leaves the host as specified in the HTTP header. ... View more

Also did you check the lambda logs to see if there was an error? ... View more

Can you show me a gist of the code in your lambda? ... View more

@San55240, try removing "/services/collector/event" for the url, the logging library sets this. I noticed you did not set the port, is your HEC instance on port 80? ... View more

@bento_prod, also in terms of Docker, the driver won't work today with self-service due to our certs not having support in golang. It will work with managed cloud instances though. If you want to use the driver with self-service, you'll need to deploy a forwarder running HEC (like in AWS) and have it forward to the cloud instance. We know this is not an ideal experience for the driver with single instance, and are working on a better solution. ... View more

Hi @bento_prod, check this link. For self-service cloud you need to prefix "input-" ... View more

Great! Email me and I can tell you more: gblock@splunk.com ... View more

Can you show the exception message? Did you disable cert validation in your code? If not, then this is very likely the issue. ... View more

How did you create your token? Did you manually add a stanza to conf? If so which conf file, and can you show the stanza? If you log into the Splunk UI and go to Settings->Data Inputs->HTTP Event Collector does your token show in the list? ... View more

Hi Jeremiah We don't have anything built in to rate limit access. Using something like nginx would be a good option. ... View more

OK, I would try curl to see if you can successfully make a request and access the API. ... View more

Have you tried using curl to see if you can successfully hit the endpoint? Is the indexer behind a proxy? Is the REST API enabled? This page has some things to try: http://dev.splunk.com/view/csharp-sdk-pcl/SP-CAAAE7W ... View more

OK, since you are using node, I did a blog post on export from node. The post is here. I use a slightly different approach using the request module and pipes. Can you try it out and see if it works, and then maybe tweak it to your use case? ... View more

How are you making the request? Have you tested with curl? ... View more

Self-signed certs are not valid so you cannot use cert validation. If you want to use a valid cert, you need to replace the self-signed cert on the Splunk side with one issued from a cert authority. You can get a free one for example at letsencrypt.org ... View more

Hi @circleup, unfortunately not yet. I am trying to get this work done. I apologize it is taking so long. ... View more