The Splunk HTTP Event Collector is the preferred way to send events to Splunk.
The Splunk HTTP Event Collector closes the connection if you don’t use HTTPS when you are sending a POST message.
Recv failure: Connection reset by peer
To send the event from the Macintosh Bash terminal
curl -k https://MY_SPLUNK_SERVER_IP:8088/services/collector -H 'Authorization: Splunk MY_TOKEN' -d '{"sourcetype": "json", "event":"Hello, World!", "host":"MY_HOST_NAME"}'
To send the event from Postman
Turn off the SSL Certificate Validation.
If the Splunk server does not have a trusted SSL certificate, Postman will throw an error if you send the message with the mandatory HTTPS protocol. To tell Postman, you trust the SSL certificate generated by the Splunk server, turn off the SSL certificate validation in Postman.
This option is only available in the standalone version of Postman, not in the Chrome add-on
- In the upper right corner of Postman click the wrench
- Select Settings
- On the General tab turn off SSL certificate verification
Create the post
- Add your Splunk token to the header
- Add the raw, JSON type body
Its not working, i am getting 200 response but data is not updating in Splunk. What to do? I am using splunk cloud.