SOLVED

aio app config set log-forwarding not working

Level 2

Hello people, I have been trying to set up log forwarding to a Splunk instance. That Splunk instance seems to be working well (it is a Splunk Cloud trial), and after doing a curl it seems to be working well:

```
curl -k https://xyx-y-xxxx.splunkcloud.com:8088/services/collector/event -H "Authorization: Splunk xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" -d '{"event": "hello world"}'
{"text":"Success","code":0}
```

But when I try to set it on App Builder using:

```
$ aio app config set log-forwarding
? select log forwarding destination Splunk HEC
? host xyx-y-xxxx.splunkcloud.com
? port 8088
? index main
? hec_token [hidden]
 »   Error: Could not update log forwarding settings for namespace 'app-builder-sandbox-instance': 400 (Bad 
 »    Request). Error: {"reason":"Validation failed","message":"[Splunk HTTP Error: connect timed out]"}
```

So I still cannot figure out why this is not working. I would be glad if someone who has been through this or a similar situation could give a clue as to where the problem might be.

7 Replies

Employee

Hey @JoseLuis13, I have forwarded the question to the team. Meanwhile, can you try it with port 443?

Employee

Hi @JoseLuis13, sorry for the delay. Is there any chance that you can provide host and port (I'd assume that you are still using the same port, which is 8088)?

Level 2

It is a Splunk Cloud trial: prd-p-uaiyv.splunkcloud.com:8088

Employee

```
curl https://prd-p-uaiyv.splunkcloud.com:8088
curl: (60) SSL certificate problem: self signed certificate in certificate chain
```

We don't support self-signed ("insecure") certificates.

Level 2

Wrong curl. The way I put it in my original question (the token is temporary, so it will expire after some time)...

```
curl -k https://prd-p-uaiyv.splunkcloud.com:8088/services/collector/event -H "Authorization: Splunk 26f05822-ff96-476c-b11b-234e1dcacc0b" -d '{"event": "hello world"}'
{"text":"Success","code":0}
```

It should work.

Correct answer by
Employee

Anything with `-k` (`--insecure`) will return a "false-positive" result because we don't support self-signed certificates.

In other words, even if Splunk allows such connections, we don't allow them from our services to Splunk for security reasons.
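The strict check described in the answer above, as an added example that is not part of the original thread and is not Adobe's or Splunk's code: it performs the TLS handshake against the HEC host with the system trust store and hostname checking enabled, which is what curl does without `-k`, and reports why the handshake fails. The function names and verdict strings are assumptions made for this example.

```python
import socket
import ssl

# OpenSSL X.509 verify codes meaning "no chain to a trusted root":
# 18 self-signed leaf, 19 self-signed cert in chain (the curl (60) error
# quoted in the thread), 20 issuer not found, 21 leaf cannot be verified.
UNTRUSTED_CHAIN = {18, 19, 20, 21}
HOSTNAME_MISMATCH = 62


def classify(exc):
    """Map a connection or handshake exception to a (verdict, detail) pair."""
    if isinstance(exc, ssl.SSLCertVerificationError):
        code = getattr(exc, "verify_code", None)
        detail = getattr(exc, "verify_message", "") or str(exc)
        if code in UNTRUSTED_CHAIN:
            return "untrusted-chain", detail
        if code == HOSTNAME_MISMATCH:
            return "hostname-mismatch", detail
        return "cert-invalid", detail  # expired, not yet valid, revoked, ...
    if isinstance(exc, (socket.timeout, TimeoutError)):
        return "timeout", str(exc)
    if isinstance(exc, ssl.SSLError):
        return "tls-error", str(exc)
    return "unreachable", str(exc)  # refused, DNS failure, no route


def preflight(host, port=8088, timeout=5.0):
    """Handshake the way a strict client does: system trust store,
    hostname check on, no equivalent of curl's -k."""
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return "trusted", tls.version()
    except OSError as exc:  # ssl.SSLError and timeouts are OSError subclasses
        return classify(exc)


if __name__ == "__main__":
    import sys
    if len(sys.argv) < 2:
        sys.exit("usage: preflight.py <hec-host> [port]")
    host = sys.argv[1]
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 8088
    verdict, detail = preflight(host, port)
    print(f"{host}:{port} -> {verdict} ({detail})")
    sys.exit(0 if verdict == "trusted" else 1)
```

Only a `trusted` verdict means the endpoint presents a chain that a client refusing self-signed certificates will accept; a `Success` response obtained with `-k` says nothing about that.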

Level 2

OK, thanks. I'll check it and try to test then with a trusted certificate, I guess.