Place the token in the authorization header of each HTTP request as follows:Ĭurl -H "Authorization: Splunk BD274822-96AA-4DA6-90EC-18940FB2414C" -d '' -v You have several ways to authenticate to the instance: by HTTP authentication, basic authentication, or a query string. Using the token management endpoint guarantees that the token is unique. See Use cURL to manage HTTP Event Collector tokens, events, and services for more information. When you use the token management endpoint on the Splunk server to generate a token, it generates the token in the form of a globally unique identifier (GUID). You do this using the token you generate when you create a new HEC input. To learn more about HEC, how it works, and how to set it up, see Set up and use the HTTP Event Collector in Splunk Web.īefore the HTTP Event Collector can accept your data for indexing, you must authenticate to the Splunk Cloud Platform or Splunk Enterprise instance on which it runs. You can format events for HEC in both Splunk Cloud Platform and Splunk Enterprise. Each request can contain a HEC token, a channel identifier header, event metadata, or event data, depending on whether your events are raw or have been formatted in accordance with the JavaScript Object Notation (JSON) standard. The HTTP Event Collector (HEC) receives events from clients in a series of HTTP requests.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |