Hello people, I have been trying to set up log forwarding to a Splunk instance. That Splunk instance seems to be working well (it is a Splunk Cloud trial), and after doing a curl it seems to be working well:
```
curl -k https://xyx-y-xxxx.splunkcloud.com:8088/services/collector/event -H "Authorization: Splunk xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" -d '{"event": "hello world"}'
{"text":"Success","code":0}
```
But when I try to set it on App Builder using:
```
$ aio app config set log-forwarding
? select log forwarding destination Splunk HEC
? host xyx-y-xxxx.splunkcloud.com
? port 8088
? index main
? hec_token [hidden]
» Error: Could not update log forwarding settings for namespace 'app-builder-sandbox-instance': 400 (Bad
» Request). Error: {"reason":"Validation failed","message":"[Splunk HTTP Error: connect timed out]"}
```
So I still cannot figure out why this is not working. I would be glad if someone who has been through this or a similar situation could give a clue as to where the problem could be.
Hey @JoseLuis13, I have forwarded the question to the team. Meanwhile, can you try it with port 443?
Hi, @JoseLuis13, sorry for the delay. Is there any chance that you can provide the host and port (I'd assume that you are still using the same port, which is 8088)?
It is a Splunk Cloud trial: prd-p-uaiyv.splunkcloud.com:8088
```
curl https://prd-p-uaiyv.splunkcloud.com:8088
curl: (60) SSL certificate problem: self signed certificate in certificate chain
```
We don't support self-signed ("insecure") certificates.
Wrong curl. The way I put it in my original question (the token is temporary, so it will expire after some time)....
```
curl -k https://prd-p-uaiyv.splunkcloud.com:8088/services/collector/event -H "Authorization: Splunk 26f05822-ff96-476c-b11b-234e1dcacc0b" -d '{"event": "hello world"}'
{"text":"Success","code":0}
```
It should work.
Anything with `-k` (`--insecure`) will return a "false-positive" result because we don't support self-signed certificates.
In other words, even if Splunk allows such connections, we don't allow them from our services to Splunk for security reasons.
OK, thanks. I'll check it and try to test then with a trusted certificate, I guess.
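An added example, not part of the original thread and not Adobe's or Splunk's code: a preflight check that attempts the same fully verified TLS handshake that `curl` performs without `-k`, and separates a certificate trust failure from a plain connectivity failure. The function name `hec_tls_preflight`, the verdict strings and the placeholder host `hec.example.com` are assumptions made for illustration.

```python
import socket
import ssl
import sys


def hec_tls_preflight(host, port=8088, timeout=5.0):
    """Attempt a fully verified TLS handshake; return (verdict, detail).

    Verdicts: "trusted", "untrusted", "tls_error", "unreachable".
    """
    # Default context = system CA bundle plus hostname check, i.e. what
    # curl does without -k. Verification is never disabled here.
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                # getpeercert() returns the issuer as a tuple of RDNs.
                issuer = dict(rdn[0] for rdn in tls.getpeercert().get("issuer", ()))
                return "trusted", issuer.get("organizationName", "unknown issuer")
    except ssl.SSLCertVerificationError as exc:
        # Same condition curl reports as error 60, for example
        # "self signed certificate in certificate chain".
        return "untrusted", exc.verify_message
    except ssl.SSLError as exc:
        # The port answered, but not with a usable TLS handshake.
        return "tls_error", str(exc)
    except OSError as exc:
        # Refused, DNS failure or timeout: a network problem, not a cert one.
        return "unreachable", str(exc)


if __name__ == "__main__":
    # Placeholder host (assumption); pass your own HEC host and port instead.
    host = sys.argv[1] if len(sys.argv) > 1 else "hec.example.com"
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 8088
    verdict, detail = hec_tls_preflight(host, port)
    print(f"{host}:{port} -> {verdict}: {detail}")
    # Only a chain that validates against the system trust store passes.
    sys.exit(0 if verdict == "trusted" else 1)
```

A verdict of `untrusted` corresponds to the self-signed chain discussed in the thread; `unreachable` points at routing, firewall or port problems instead.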