The fields key isn't applicable to raw data. The index you specify here must be within the list of allowed indexes if the token has the indexes parameter set. The name of the index by which the event data is to be indexed. The sourcetype value to assign to the event data. For example, if you're sending data from an app you're developing, set this key to the name of the app. The source value to assign to the event data. This key is typically the hostname of the client from which you're sending data. The host value to assign to the event data. The default time format is UNIX time format, in the format. Any key-value pairs that you don't include in the event are set to values defined for the token on the Splunk platform instance. The following table shows keys that you can include in event metadata. For more information, see Enable indexer acknowledgement. If the token with which you're authenticating to HTTP Event Collector has indexer acknowledgement enabled, you must also include the channel identifier with your indexer status query. Place the token in the authorization header of each HTTP request as follows:Ĭurl -H "Authorization: Splunk BD274822-96AA-4DA6-90EC-18940FB2414C" -d '' -v You have several ways to authenticate to the instance: by HTTP authentication, basic authentication, or a query string. Using the token management endpoint guarantees that the token is unique. See Use cURL to manage HTTP Event Collector tokens, events, and services for more information. When you use the token management endpoint on the Splunk server to generate a token, it generates the token in the form of a globally unique identifier (GUID). You do this using the token you generate when you create a new HEC input. To learn more about HEC, how it works, and how to set it up, see Set up and use the HTTP Event Collector in Splunk Web.īefore the HTTP Event Collector can accept your data for indexing, you must authenticate to the Splunk Cloud Platform or Splunk Enterprise instance on which it runs. You can format events for HEC in both Splunk Cloud Platform and Splunk Enterprise. Each request can contain a HEC token, a channel identifier header, event metadata, or event data, depending on whether your events are raw or have been formatted in accordance with the JavaScript Object Notation (JSON) standard. The HTTP Event Collector (HEC) receives events from clients in a series of HTTP requests.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |