Add data programmatically using REST API

splunkreal · ‎07-11-2023

Hello guys,

do you have example of script or curl commands using REST API to add data?

There is https://docs.splunk.com/Documentation/Splunk/9.0.4/RESTREF/RESTinput#data.2Finputs.2Fmonitor but how to specify serverclass?

Thanks for your help.

* If this helps, please upvote or accept solution if it solved *

GaetanVP · ‎07-11-2023

Hello @splunkreal,

Yes, first you need (as far as I know) to enable the HTTP Event Collector on your receiver (let's suppose it's a standalone Splunk Server).

You need to navigate (from the GUI) to settings/data inputs/HTTP Event Collector and click on Global Settings. From there you can enable all Tokens, eventually disable SSL and save. Finally create a New Token from the same page.

Then from another machine (or here in my test in localhost) you can run this curl command :

curl -k -X POST -H "Authorization: Splunk <hec_token_created>" -d '{"event": "Hello World!", "index": "<your_index>"}' http://<splunk_receiver>:8088/services/collector/event

Then you should be able to search this event you just sent.

Hope it helps !

GaetanVP

splunkreal · ‎07-11-2023

Hello Gaetan,

thanks for HEC solution however how do you add data the same way you add monitor stanza using app's inputs.conf on deployment server and attach it to particular serverclass using REST API?

Best regards.

* If this helps, please upvote or accept solution if it solved *

Add data programmatically using REST API

index

inputs.conf

Linux

universal forwarder

Introducing the Splunk Community Dashboard Challenge!

Get the T-shirt to Prove You Survived Splunk University Bootcamp

Wondering How to Build Resiliency in the Cloud?