How to send an event to the Splunk HTTP Event Collector

The Splunk HTTP Event Collector is the preferred way to send events to Splunk.

If you send the POST message over plain HTTP instead of HTTPS, the Splunk HTTP Event Collector closes the connection and the client reports:

Recv failure: Connection reset by peer

To send the event from the Macintosh Bash terminal

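curl -k https://MY_SPLUNK_SERVER_IP:8088/services/collector -H 'Authorization: Splunk MY_TOKEN' -d '{"sourcetype": "json", "event":"Hello, World!", "host":"MY_HOST_NAME"}'

The -k option tells curl to skip SSL certificate verification, which is needed when the Splunk server does not have a trusted SSL certificate.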
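The same request with certificate verification left on, as an added example that is not from the original post: it checks the server against a CA file instead of using -k and escapes the event text before placing it in the JSON body. The variables HEC_URL, HEC_TOKEN and HEC_CA_FILE, the file name splunk-ca.pem and the function names are assumptions.

```bash
#!/usr/bin/env bash
# Added example: send one event to the HTTP Event Collector with TLS verification on.
# Assumed (not from the original page): HEC_URL, HEC_TOKEN, HEC_CA_FILE and all
# function names; HEC_CA_FILE is a PEM copy of the CA that signed the server certificate.

HEC_URL="${HEC_URL:-https://MY_SPLUNK_SERVER_IP:8088/services/collector}"
HEC_TOKEN="${HEC_TOKEN:-MY_TOKEN}"
HEC_CA_FILE="${HEC_CA_FILE:-./splunk-ca.pem}"

# Refuse plain HTTP up front instead of waiting for the connection reset.
hec_require_https() {
    case "$1" in
        https://*) return 0 ;;
        *) echo "refusing non-HTTPS collector URL: $1" >&2; return 1 ;;
    esac
}

# Make a value safe inside a JSON string: drop control characters, then
# escape backslashes and double quotes so the value cannot add or override fields.
json_escape() {
    printf '%s' "$1" | tr -d '\000-\037' | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g'
}

# Build the same body as the curl command above. $1 = event text, $2 = host name.
hec_payload() {
    printf '{"sourcetype": "json", "event": "%s", "host": "%s"}' \
        "$(json_escape "$1")" "$(json_escape "$2")"
}

# POST the event. --cacert takes the place of -k: curl verifies the server
# certificate against the given CA file and checks it matches the host in the URL.
hec_send() {
    hec_require_https "$HEC_URL" || return 1
    curl --silent --show-error --fail --max-time 10 \
        --cacert "$HEC_CA_FILE" \
        -H "Authorization: Splunk $HEC_TOKEN" \
        -d "$(hec_payload "$1" "$2")" \
        "$HEC_URL"
}

# Send only when run with a message argument, e.g.: ./hec_send.sh 'Hello, World!'
if [ "$#" -ge 1 ]; then
    hec_send "$1" "${2:-$(hostname)}"
fi
```

If the certificate does not name the host or IP address used in the URL, curl rejects the connection even with the correct CA file.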

To send the event from Postman

Turn off the SSL Certificate Validation.

If the Splunk server does not have a trusted SSL certificate, Postman will throw an error when you send the message with the mandatory HTTPS protocol. To tell Postman that you trust the SSL certificate generated by the Splunk server, turn off SSL certificate validation in Postman.

This option is only available in the standalone version of Postman, not in the Chrome add-on.

  1. In the upper right corner of Postman, click the wrench.
  2. Select Settings.
  3. On the General tab, turn off SSL certificate verification.

Create the post

  1. Add your Splunk token to the header
  2. Add the raw, JSON type body

 
