I'm looking for sample code that I can use to send json from my java app into the HEC. I'm having trouble connecting to HEC from the java program. I was hoping to be able to use the Splunk Java SDK, but I don't see any classes in there to support the HEC, so I'm using the Apache HttpClient implementation:
DefaultHttpClient httpclient = new DefaultHttpClient();
HttpPost httppost = new HttpPost("https://ip:8088/services/collector/event");
httppost.addHeader("Authorization", " Splunk <token id>");
String eventStr = "{sourcetype=accm_json, index=accm, event={ dataType: TEXT, filesize: 103212, processor: abc}}"
httppost.setEntity(new StringEntity(eventStr);
HttpResponse response = httpclient.execute(httppost);
HttpEntity entity = response.getEntity();
System.out.println("response: " + entity);
When I run the code, the java program throws an SSLHandshakeException "unable to find valid certification path to the requested target" and the splunkd.log on the HEC shows "alert certificate unknown.
I don't understand what I am supposed to provide to be able to connect to the HEC from java. Can someone please help? I am able to insert events into HEC using cURL:
curl -k https://ip:8088/services/collector/event -H 'Authorization Splunk <token>' -d '{"sourcetype": "accm-json", "index":"accm", "event": {"dataType": "TEXT", "filesize":103212, "processor": "abc"}}'
... View more