jyo

Reputation: 90

HTTP Event Collector: How to send logs to Splunk Cloud from command line using curl?

I am trying with a trial version of Splunk Cloud. I created the HTTP Event Collector. Now I am trying to log into Splunk using the curl script available here http://dev.splunk.com/view/event-collector/SP-CAAAE7F. But I guess I am doing something wrong, as I am not able to hit the server.

What has to be the host name of Splunk that I have to use to save the logs?

This is my Splunk Cloud instance https://xxxxx.cloud.splunk.com

I tried something like this, which I guess is wrong (replaced with tokenid which I got after creating the HTTP EC)

curl -k https://xxxxx.cloud.splunk.com/services/collector -H 'Authorization: Splunk tokenid' -d '{"event":"Hello, World!"}'

Please help.

Thanks

Upvotes: 0

Views: 1680

Answers (1)

Kiran

Reputation: 46

I too tried the same using curl and got the error below:

curl: (7) Failed to connect to xxx.cloud.splunk.com port 8088: Timed out

Later I noticed that, in the doc mentioned above, there is a "notes" section which says to prefix "input-" to the host name for self-service cloud instances.

With this change in place, the curl request worked. Data also appeared in the Splunk dashboard. See the curl output.

$ curl -k https://input-xxx.cloud.splunk.com:8088/services/collector -H "Authorization: Splunk 00301XX3-1234-12XX-X1XX-1234X0X1XXX0" -d '{"event":"Breakfast Order"} {"event":{"coffee":"double cream double sugar","muffin":"blueberry","juice":"none"}}'
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   139  100    27  100   112     10     43  0:00:02  0:00:02 --:--:--    74{"text":"Success","code":0}

Also, your code will work if the request is sent to a local Splunk server installation. Then the curl request can be sent to localhost:8088/services/collector without the input- prefix.

If you already added the input- prefix as part of the host name and still get this error, it might be something else. Please see if this link helps.

Upvotes: 3
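
A small wrapper around the request from the answer above, as an added example that is not part of the original thread: it derives the input- endpoint from the stack URL, keeps the token off the curl command line, leaves certificate verification on (no -k), and checks for the {"text":"Success","code":0} reply. The function names and the HEC_TOKEN variable are assumptions, and the host is assumed to be a self-service Splunk Cloud stack as in the thread.

```shell
#!/bin/sh
# Added example, not code from the thread. hec_url, hec_ok, hec_send and
# HEC_TOKEN are hypothetical names; hostnames are placeholders.

# Build the HEC endpoint from a stack URL. Per the answer, self-service
# cloud hosts need an "input-" prefix and the collector listens on 8088.
hec_url() {
    host=${1#https://}   # drop the scheme
    host=${host%%/*}     # drop any path
    host=${host%%:*}     # drop any port
    case $host in
        input-*) ;;                                   # already prefixed
        *.cloud.splunk.com) host="input-$host" ;;     # add the prefix
        *) ;;                                         # e.g. localhost: unchanged
    esac
    printf 'https://%s:8088/services/collector\n' "$host"
}

# HEC answers {"text":"Success","code":0} on success; treat any other
# reply (or an empty one) as a failure.
hec_ok() {
    printf '%s' "$1" | grep -Eq '"code"[[:space:]]*:[[:space:]]*0([^0-9]|$)'
}

# usage: HEC_TOKEN=... hec_send <stack-url> '<json event(s)>'
hec_send() {
    [ -n "${HEC_TOKEN:-}" ] || { echo "HEC_TOKEN is not set" >&2; return 2; }
    # The Authorization header is fed to curl on stdin (--config -), so the
    # token does not appear in curl's argv or in shell history. printf is a
    # builtin in bash and dash, so it adds no argv entry of its own.
    # No -k: curl verifies the server certificate. For a private CA, add
    # --cacert <file> rather than disabling verification.
    resp=$(printf 'header = "Authorization: Splunk %s"\n' "$HEC_TOKEN" |
           curl --silent --show-error --max-time 10 --config - \
                --data "$2" "$(hec_url "$1")") || return 1
    hec_ok "$resp"
}
```

hec_send returns 0 only when the collector reports code 0, 1 when curl fails or the reply is not a success, and 2 when no token is set.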
