Hello guys,
do you have example of script or curl commands using REST API to add data?
There is https://docs.splunk.com/Documentation/Splunk/9.0.4/RESTREF/RESTinput#data.2Finputs.2Fmonitor but how to specify serverclass?
Thanks for your help.
Hello @splunkreal,
Yes, first you need (as far as I know) to enable the HTTP Event Collector on your receiver (let's suppose it's a standalone Splunk Server).
You need to navigate (from the GUI) to settings/data inputs/HTTP Event Collector and click on Global Settings. From there you can enable all Tokens, eventually disable SSL and save. Finally create a New Token from the same page.
Then from another machine (or here in my test in localhost) you can run this curl command :
curl -k -X POST -H "Authorization: Splunk <hec_token_created>" -d '{"event": "Hello World!", "index": "<your_index>"}' http://<splunk_receiver>:8088/services/collector/event
Then you should be able to search this event you just sent.
Hope it helps !
GaetanVP
Hello Gaetan,
thanks for HEC solution however how do you add data the same way you add monitor stanza using app's inputs.conf on deployment server and attach it to particular serverclass using REST API?
Best regards.