SOLVED

aio app config set log-forwarding not working

Level 2

Hello people, I have been trying to set up log forwarding to a Splunk instance. That Splunk instance seems to be working well (it is a Splunk Cloud trial), and after doing a curl it seems to be working well:

curl -k https://xyx-y-xxxx.splunkcloud.com:8088/services/collector/event -H "Authorization: Splunk xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" -d '{"event": "hello world"}'
{"text":"Success","code":0}

But when I try to set it on App Builder using:

$ aio app config set log-forwarding
? select log forwarding destination Splunk HEC
? host xyx-y-xxxx.splunkcloud.com
? port 8088
? index main
? hec_token [hidden]
 »   Error: Could not update log forwarding settings for namespace 'app-builder-sandbox-instance': 400 (Bad 
 »    Request). Error: {"reason":"Validation failed","message":"[Splunk HTTP Error: connect timed out]"}

So I still cannot figure out why this is not working. I would be glad if someone who has been through this or a similar situation could give a clue as to where the problem might be.


7 Replies

Employee

Hey @JoseLuis13, I have forwarded the question to the team. Meanwhile, can you try it with port 443?

Employee

Hi, @JoseLuis13, sorry for the delay. Is there any chance that you can provide host and port (I'd assume that you are still using the same port, which is 8088)?

Employee
curl https://prd-p-uaiyv.splunkcloud.com:8088
curl: (60) SSL certificate problem: self signed certificate in certificate chain

We don't support self-signed ("insecure") certificates.

Level 2

Wrong curl. The way I put it in my original question (the token is temporary so it will expire after some time)...

curl -k https://prd-p-uaiyv.splunkcloud.com:8088/services/collector/event -H "Authorization: Splunk 26f05822-ff96-476c-b11b-234e1dcacc0b" -d '{"event": "hello world"}'
{"text":"Success","code":0}

It should work.

Correct answer by
Employee

Anything with `-k` (`--insecure`) will return a "false-positive" result because we don't support self-signed certificates.

In other words, even if Splunk allows such connections, we don't allow them from our services to Splunk for security reasons.
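A preflight check along the lines of the answer above, added here as an example (it is not code from the thread or from Adobe): it performs the TLS handshake with certificate verification switched on, the opposite of `curl -k`, and separates the two failures seen in this thread, an untrusted certificate chain and a connection that cannot be established. The function names `preflight` and `classify` are hypothetical, and the example assumes the forwarding service validates against a public CA trust store, as the answer states.

```python
import socket
import ssl
import sys


def classify(exc):
    """Name the failure class that matters for log forwarding."""
    if isinstance(exc, ssl.SSLCertVerificationError):
        # Chain does not validate, e.g. "self signed certificate in
        # certificate chain" (curl exit code 60 without -k).
        detail = getattr(exc, "verify_message", None) or str(exc)
        return "untrusted-cert: " + detail
    if isinstance(exc, ssl.SSLError):
        return "tls-error: " + str(exc)
    if isinstance(exc, (socket.timeout, TimeoutError)):
        return "timeout"
    return "unreachable: " + str(exc)


def preflight(host, port=8088, timeout=5.0):
    """Handshake with full verification, as a strict client would."""
    # Default context: CERT_REQUIRED, hostname checking, system CA store.
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return "trusted: " + str(tls.version())
    except OSError as exc:
        return classify(exc)


if __name__ == "__main__":
    # Usage: python preflight.py <hec-host> [port]
    if len(sys.argv) > 1:
        port = int(sys.argv[2]) if len(sys.argv) > 2 else 8088
        print(preflight(sys.argv[1], port))
```

Only a `trusted:` result means the endpoint would pass the same verification that `-k` skips; an `untrusted-cert:` result matches the `curl: (60)` output quoted in the thread.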