Reputation: 90
I am trying with a trial version of Splunk cloud. I created the HTTP Event Collector. Now I am trying to log into Splunk using the curl script available here http://dev.splunk.com/view/event-collector/SP-CAAAE7F. But I guess I am doing something wrong, as I am not able to hit the server.
What has to be the host name of Splunk that I have to use to save the logs?
This is my Splunk cloud instance https://xxxxx.cloud.splunk.com
I tried something like this, I guess which is wrong (replaced with tokenid which I got after creating the HTTP EC)
curl -k https://xxxxx.cloud.splunk.com/services/collector -H 'Authorization: Splunk tokenid' -d '{"event":"Hello, World!"}' Please help.
Thanks
Upvotes: 0
Views: 1680
Reputation: 46
I too tried the same using curl and got the error as below:-
curl: (7) Failed to connect to xxx.cloud.splunk.com port 8088: Timed out
Later noticed that, in the doc mentioned above, there is a "notes" section which says to prefix "input-" to the host name for self service cloud instances.
Having this change in place, the curl request worked. Data also appeared in the Splunk dashboard. See the curl output.
$ curl -k https://input-xxx.cloud.splunk.com:8088/services/collector -H "Authorization: Splunk 00301XX3-1234-12XX-X1XX-1234X0X1XXX0" -d '{"event":"Breakfast Order"} {"event":{"coffee":"double cream double sugar","muffin":"blueberry","juice":"none"}}'
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 139 100 27 100 112 10 43 0:00:02 0:00:02 --:--:-- 74{"text":"Success","code":0}
Also, your code will work if the request is sent to local Splunk server installation. Then the curl request can be sent to localhost:8088/services/collector with out input- prefix
If you already added input- prefix as part of host name and still get this error, it might be something else. Please see if this link helps.
Upvotes: 3