Adobe Developer

JoseLuis13 · 5/12/22

Hello people, i have been trying to make log forwarding to splunk instance that splunk instance seems to be working well (is a splunk cloud trial) and after doing a curl it seems to be working well:

curl -k https://xyx-y-xxxx.splunkcloud.com:8088/services/collector/event -H "Authorization: Splunk xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" -d '{"event": "hello world"}'
{"text":"Success","code":0}

But when i try to set on App Builder using:

$ aio app config set log-forwarding
? select log forwarding destination Splunk HEC
? host xyx-y-xxxx.splunkcloud.com
? port 8088
? index main
? hec_token [hidden]
 »   Error: Could not update log forwarding settings for namespace 'app-builder-sandbox-instance': 400 (Bad 
 »    Request). Error: {"reason":"Validation failed","message":"[Splunk HTTP Error: connect timed out]"}

so i still cannot figure out why is this not working it would be glad if someone has been passed through this or a similar situation that could give a clue of where can be the problem

YevSen · 5/26/22

Anything with `-k` (`--insecure`) will return a "false-positive" result because we don't support self-signed certificates.

In other words, even if Splunk allows such connections, we don't allow them from our services to Splunk for security reasons.

View solution in original post

tmj · 5/19/22

Hey @JoseLuis13 I have forwarded the question the team. Meanwhile, can you try it with port 443?

YevSen · 5/26/22

Hi, @JoseLuis13 , sorry for the delay. Is there any chance that you can provide host and port (I'd assume that you are still using the same port, which is 8088)?

JoseLuis13 · 5/26/22

is a splunk cloud trial: prd-p-uaiyv.splunkcloud.com:8088

YevSen · 5/26/22

curl https://prd-p-uaiyv.splunkcloud.com:8088
curl: (60) SSL certificate problem: self signed certificate in certificate chain

We don't support self-signed ("insecure") certificates.

JoseLuis13 · 5/26/22

wrong curl the way i put on my original question (the token is temporary so it will expire after some time)....

curl -k https://prd-p-uaiyv.splunkcloud.com:8088/services/collector/event -H "Authorization: Splunk 26f05822-ff96-476c-b11b-234e1dcacc0b" -d '{"event": "hello world"}'
{"text":"Success","code":0}

it should work.

YevSen · 5/26/22

Anything with `-k` (`--insecure`) will return a "false-positive" result because we don't support self-signed certificates.

In other words, even if Splunk allows such connections, we don't allow them from our services to Splunk for security reasons.

JoseLuis13 · 5/26/22

ok thanks i'll check it and try to test then with a trusted certificated i guess

Adobe Developer

aio app config set log-forwarding not working

Learn

Documentation

Community

Support

Resources

Adobe account

Adobe