Splunk Dev
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Need help getting basic requests.post to work for HTTP Event Collector with Python

voninski
New Member
‎09-04-2016 12:30 PM

OK - This is starting to frustrate me.

I first tried the following command:

curl -k  http://10.10.XX.XX:8088/services/collector/event -H "Authorization: Splunk my_correct_token" -d '{"event": "does this thing work"}'

and it works correctly and the event is received. Cool!

Then I saw the following blog post on building HTTP Events with Python and while I could get the code to execute without error. I could not get the system to receive the event.

Breaking down the event to its most basic components in Python 2.7 I wrote the following code

import requests

requests.post('http://10.10.XX.XX:8088/services/collector/event', headers={'Authorization': 'Splunk my_correct_token}, data = {"event": "through python -- again - does this thing work"})
print "does this thing work"

And while the code runs without error I am not receiving the events in Splunk.

Any ideas?

Thank you.

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

icrushservers
Engager
‎10-20-2016 06:36 AM

Here is my solution to the problem:

#!/usr/bin/python

import requests
import json

url='https://172.16.x.y:8088/services/collector/event'
authHeader = {'Authorization': 'Splunk super_sekrit'}
jsonDict = {"event": "through python -- again - does this thing work"}

r = requests.post(url, headers=authHeader, json=jsonDict, verify=False)
print r.text

View solution in original post

Reply
Solved! Jump to solution
Solution

icrushservers
Engager
‎10-20-2016 06:36 AM

Here is my solution to the problem:

#!/usr/bin/python

import requests
import json

url='https://172.16.x.y:8088/services/collector/event'
authHeader = {'Authorization': 'Splunk super_sekrit'}
jsonDict = {"event": "through python -- again - does this thing work"}

r = requests.post(url, headers=authHeader, json=jsonDict, verify=False)
print r.text
Reply
Solved! Jump to solution

neeldesai1992
Path Finder
‎10-18-2017 09:57 AM

But how can you pass this kind of authorization ('Splunk super_sekrit') if I am using the Java Splunk sdk ? I can't set a header over there. so How can I pass over there?

0 Karma
Reply
Solved! Jump to solution

voninski
New Member
‎10-20-2016 07:13 AM

This works great. And i like the fact that it separates the components needed. Thank you!

0 Karma
Reply
Get Updates on the Splunk Community!

Introducing the Splunk Community Dashboard Challenge!

Welcome to Splunk Community Dashboard Challenge! This is your chance to showcase your skills in creating ...

Wondering How to Build Resiliency in the Cloud?

IT leaders are choosing Splunk Cloud as an ideal cloud transformation platform to drive business resilience,  ...

Updated Data Management and AWS GDI Inventory in Splunk Observability

We’re making some changes to Data Management and Infrastructure Inventory for AWS. The Data Management page, ...