AEM to Splunk HEC - Event not showing up in Splunk

Question

Hi team,

I am trying to send logs from my AEM as a Cloud Service custom service to Splunk using HTTP Event Collector. The call returns 200 OK, but nothing appears in Splunk search.

Here’s the code snippet:

JSONObject event = new JSONObject();
event.put("event", message);

HttpURLConnection conn = (HttpURLConnection) new URL(SPLUNK_HEC_URL).openConnection();
conn.setDoOutput(true);
conn.setRequestMethod("POST");
conn.setRequestProperty("Authorization", "Splunk " + SPLUNK_TOKEN);
conn.setRequestProperty("Content-Type", "application/json");

OutputStream os = conn.getOutputStream();
os.write(event.toString().getBytes(StandardCharsets.UTF_8));
os.flush();
os.close();

log.info("Response Code: {}", conn.getResponseCode());

Is there anything I am missing in request that’s preventing the event from showing in Splunk?

SantoshSai · Accepted Answer

Hi @vishal_kagde,Looks like, your JSON payload is too minimal. Splunk HEC expects an event field plus metadata like time, host and sourcetype. Even with 200 OK, missing these can prevent indexing.Can you try this if it works:JSONObject payload = new JSONObject();payload.put("time", System.currentTimeMillis() / 1000);payload.put("host", "aem-service");payload.put("sourcetype", "_json");JSONObject event = new JSONObject();event.put("message", message);payload.put("event", event); Reference: https://docs.splunk.com/Documentation/Splunk/9.4.2/Data/UsetheHTTPEventCollector#Event_metadata

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded