Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- About bsheppard8
bsheppard8
Loves-to-Learn Lots
Member since:
08-26-2021
10-04-2021
Community Statistics
| Posts | 10 |
| Solutions | 0 |
| Karma Given | 0 |
| Karma Received | 0 |
| Member Since | 08-26-2021 |
Activity Feed
- Posted Re: HEC Events not indexing on Getting Data In. 10-04-2021 04:31 AM
- Posted Re: HEC Events not indexing on Getting Data In. 10-04-2021 04:27 AM
- Posted Re: HEC Events not indexing on Getting Data In. 10-01-2021 11:46 AM
- Posted Re: HEC Events not indexing on Getting Data In. 10-01-2021 11:26 AM
- Posted Re: HEC Events not indexing on Getting Data In. 10-01-2021 10:25 AM
- Posted Re: HEC Events not indexing on Getting Data In. 10-01-2021 08:30 AM
- Posted Re: HEC Events not indexing on Getting Data In. 10-01-2021 06:18 AM
- Posted HEC Events not indexing on Getting Data In. 10-01-2021 05:31 AM
- Posted Re: Help with sending data from api to splunk enterprise on Getting Data In. 08-27-2021 10:06 AM
- Posted Help with sending data from api to splunk enterprise on Getting Data In. 08-26-2021 11:47 AM
- Tagged Help with sending data from api to splunk enterprise on Getting Data In. 08-26-2021 11:47 AM
- Tagged Help with sending data from api to splunk enterprise on Getting Data In. 08-26-2021 11:47 AM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 0 |
10-04-2021
04:31 AM
I tried using the search field by field. I was only able to find events with the index "_internal". Sadly, I wasn't able to find any events linked to events failing to process or issues with the HttpInputDataHandler. I don't see any issues in the splunkd log, either.
... View more
10-04-2021
04:27 AM
I tried this as well, but I'm still not seeing any events. Is it possible that something in my instance isn't configured properly? Is there something I need to configure in order for an event to be created?
... View more
10-01-2021
11:46 AM
Yeah, I tried this too just now and searched for a matching index. Still nothing.
... View more
10-01-2021
11:26 AM
Are you referring to the token? If so, yes, it's currently set to "history". I included a picture of the settings. If you mean something else, then no.
... View more
10-01-2021
10:25 AM
Update: I was able to find the log, but I'm not seeing anything about HEC so far.
... View more
10-01-2021
08:30 AM
The current index for the token is "history", and the default index is "main". I'm not seeing a log labelled "splunkd" for this instance, but are there configurations for the indices I could try?
... View more
10-01-2021
06:18 AM
I set it to an index that doesn't have any events so that I'd know right away that they're populating. And I have tried index=*, but I still don't see the test message I sent.
... View more
10-01-2021
05:31 AM
I'm learning how to use the HTTP Event collector, but no events ever show up in search. I have the inputs enabled and my token set up as shown: When I run the command 'curl -k http://<instance-host>:8088/services/collector -H "Authorization:Splunk 4f99809e-55d3-4677-b418-c0be66693311" -d "{\"sourcetype\": \"trial\", \"event\":\"Hello World!\"}"' in my command prompt, I get back {"text": "Success", "code": 0}. I followed along with the tutorial on this site here: https://www.youtube.com/watch?v=qROXrFGqWAU I've also tried changing the sourcetype to json_no_timestamp, but this didn't work either. I'm confident that I've set up everything correctly, but nothing seems to be working. Is there a fix for this? Because I'm trying to do the same with collectd metrics.
... View more
Labels
- Labels:
-
HTTP Event Collector
-
indexer
08-27-2021
10:06 AM
I can't use REST API because the option isn't available in my instance. I don't see it under 'Data Inputs'. I gave an example from my earlier picture. The full event should look something like this: { "id": "d868e6ec-c44a-405b-8fa6-f7f0f8cfb500", "title": "The Red Turtle", "original_title": "レッドタートル ã‚る島ã®ç‰©èªž", "original_title_romanised": "ReddotÄtoru aru shima no monogatari", "description": "A man set adrift by a storm wakes up on a beach. He discovers that he is on a deserted island with plenty of fresh water, fruit and a dense bamboo forest. He builds a raft from bamboo and attempts to sail away, but his raft is destroyed by an unseen monster in the sea, forcing him back to the island. He tries again with another, larger raft, but is again foiled by the creature. A third attempt again ends with the raft destroyed, but this time he is confronted by a giant red turtle, which stares at him, and forces him back to the island.", "director": "Michaël Dudok de Wit", "producer": "Toshio Suzuki, Isao Takahata, Vincent Maraval, Pascal Caucheteux, Grégoire Sorlat", "release_date": "2016", "running_time": "80", "rt_score": "93", "people": [ "https://ghibliapi.herokuapp.com/people/" ], "species": [ "https://ghibliapi.herokuapp.com/species/" ], "locations": [ "https://ghibliapi.herokuapp.com/locations/" ], "vehicles": [ "https://ghibliapi.herokuapp.com/vehicles/" ], "url": "https://ghibliapi.herokuapp.com/films/d868e6ec-c44a-405b-8fa6-f7f0f8cfb500" } But you can see in this picture here that the info comes in reverse, and every line is turned into its own event. I also tried the backslash and restarting splunk, but that didn't change anything.
... View more
08-26-2021
11:47 AM
I need some help understanding how to send data from an api to splunk enterprise so that I can create a dashboard about the information. The api is open source and located at https://ghibliapi.herokuapp.com/#. I understand that I can get the information using the curl command, but how do I input this information directly into my splunk instance? I don't have the option to use REST API as an data source for 'Add Data'. So far I've tried to print the output to a txt file and monitor that file using the universal forwarder, but I can't split the data into events properly, as the data is ingested line by line and backwards, regardless of the settings to props.conf. These are the current settings in my props file: [apiver2] EVENT_BREAKER_ENABLE = true EVENT_BREAKER = "(/{)" SHOULD_LINEMERGE = true BREAK_ONLY_BEFORE_DATE = false BREAK_ONLY_BEFORE = ^/{ MUST_BREAK_AFTER = ^/}, MUST_NOT_BREAK_AFTER = ^"id.+ MUST_NOT_BREAK_BEFORE = ^"url.+ And it always displays like this: So I'm thinking that maybe this is because of the data format of the request. What are my options for ingesting this data? A lot of this is new to me, so would HTTP Event Collector work, or is there something else I should do? Thanks in advance!
... View more
- Tags:
- api
- Splunk Enterprise
Labels
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
10-04-2021
08:00 AM
|
