Dashboards & Visualizations
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

HEC {"text":"Token is required","code":2}

jadengoho
Builder
‎03-18-2018 08:00 PM

I have an HEC in my localhost apparently I cant send a message to it using this command

curl -k https://localhost:8088/services/collector/event -H 'Authorization: Splunk be6e9136-cf55-4ace-9770-51626303d2e2' -d"{\"event\": \"hello $HOSTNAME\"}"

curl -k -u "x:be6e9136-cf55-4ace-9770-51626303d2e2" https://localhost:8088/services/collector -d '{"sourcetype": "trialHEC", "event":"Hello, World!"}'

they come back with :
{"text":"Token is required","code":2}
curl: (6) Could not resolve host: be6e9136-cf55-4ace-9770-51626303d2e2

I am running the latest Splunk, just want to know why I cant sent a successful command?

Tags (1)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

jadengoho
Builder
‎03-18-2018 10:42 PM

I finally solve it ,
There are difference between Windows and Linux syntax

i do solve this by
changing single quote (') with double quotes("" ) and escaping the inner double quotes("") into (\"")

windows :
curl -k https://localhost:8088/services/collector -H "Authorization:Splunk be6e9136-cf55-4ace-9770-51626303d2e2" -d "{\"sourcetype\":\"trialHEC\", \"event\":\"Hello,World!\"}"

Nix*:

curl -k https://localhost:8088/services/collector -H 'Authorization':'Splunk be6e9136-cf55-4ace-9770-51626303d2e2' -d '{"sourcetype":"trialHEC", "event":"Hello,World!"}'

View solution in original post

Reply
Solved! Jump to solution
Solution

jadengoho
Builder
‎03-18-2018 10:42 PM

I finally solve it ,
There are difference between Windows and Linux syntax

i do solve this by
changing single quote (') with double quotes("" ) and escaping the inner double quotes("") into (\"")

windows :
curl -k https://localhost:8088/services/collector -H "Authorization:Splunk be6e9136-cf55-4ace-9770-51626303d2e2" -d "{\"sourcetype\":\"trialHEC\", \"event\":\"Hello,World!\"}"

Nix*:

curl -k https://localhost:8088/services/collector -H 'Authorization':'Splunk be6e9136-cf55-4ace-9770-51626303d2e2' -d '{"sourcetype":"trialHEC", "event":"Hello,World!"}'

Reply
Solved! Jump to solution

niketn
Legend
‎03-18-2018 11:15 PM

@jadengoho, glad you figured it out. The same has been called out in Splunk Docs and Splunk Dev

____________________________________________
| makeresults | eval message= "Happy Splunking!!!"
0 Karma
Reply
Solved! Jump to solution

jadengoho
Builder
‎03-18-2018 11:17 PM

yes but i don't see it on first , HAHAHAHAH

0 Karma
Reply
Get Updates on the Splunk Community!

Combine Multiline Logs into a Single Event with SOCK - a Guide for Advanced Users

This article is the continuation of the “Combine multiline logs into a single event with SOCK - a step-by-step ...

Everything Community at .conf24!

You may have seen mention of the .conf Community Zone 'round these parts and found yourself wondering what ...

Index This | I’m short for "configuration file.” What am I?

May 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with a Special ...