Hi Sid, Hope most of the questions are related to how to ingest realtime data through hec. I am also looking the same, Could you upload a video on that if possible and your videos are helping us alot. Thanks
I’m running the first example shown in the video. I run a curl command, and I get back a response saying ‘success’, but I don’t see the events in search. Do you know what the issue might be?
Thanks, dear, this video is very useful. I am currently working on sending users' activity logs and some integrations Events from an application to Splunk. do you have any idea how this can be performed efficiently?
Hi Sid, Using HEC token, can you create a use case for Openshift - Splunk integration using helm chart with YAML configuration....this would be really appreciable if you can do it...thanks for your contribution in Splunk literacy 😊
Hi Sid, thanks for the video. How do we configure HEC from an application server in real-time? where do we execute those commands which you showed using cURL? do we need to execute those in cmd of application server? using same syntax? unable to visualise for a real-time scenario. please help.
no no.. I just showed the curl commands because its just depicting a REST call which can be made from any app. Please have a look at the below link where they have given examples of how we can call HEC from java, .net, JS based apps. dev.splunk.com/enterprise/docs/dataapps/httpeventcollector/
HI Sid..thanks a lot for your videos..your videos helped a lot in working in splunk...can you please tell how to get a live data or running data using httpp event collector..if you can prepare a video it will be great.. the only confusion i have in splunk is getting data in...Like..when to use forwarder when to use http event collect or other things. Please help me in finding the answer of the following question. 1. When to use forwarder 2. does forwarder is only used to push windows data or linux data 3. what if we need to get the running data through forwarder. 4. how to get the live data using HTTP event. 5. suppose tomorrow i need to push the data from netflix or facebook for the monitoring purpose which data input we will use an how to push logs from netflix in splunk. I know i am sking a lot of questions but it will be a great help if you can manke one video on how to push difeerent types of logs and when to use which data inputs. Thanks a lot in advance
Hi Kushagra, It would be in cluster master. Please refer the below link. answers.splunk.com/answers/734827/how-to-deploy-hec-and-token-to-indexers-in-a-clust-1.html
When running commands, how did you get localhost:8088/services/collector? Where do I find this for my instance? Also, how did you know to choose port 8088? Is it because this was listed in the global settings of the HEC? Appreciate the help. Thanks for everything else.
Splunk provides SDKs for Java, C# and JS....using them you automate the stuff. Also its an API call from outside applications. Whatever we did it in Curl we can do the same stuff in python as well. dev.splunk.com/enterprise/docs/dataapps/httpeventcollector/
may be curl is not installed in your system. Please find the below post on how to install it, stackoverflow.com/questions/9507353/how-do-i-install-and-use-curl-on-windows
Yes its possible...It will depend on the app or system from which you will be sending events to splunk. There you can always do a setup to send events to splunk real time.
![งมหอย จับปลา มือเปล่า หาอยู่หากินแบบวีถีอีสานกับแก๊งเซียนหรั่ง ม่วนคัก! [ขอนแก่น] @Sianstudio](http://i.ytimg.com/vi/JEJZg6N-AbU/mqdefault.jpg)
Hi Sid,
Hope most of the questions are related to how to ingest realtime data through hec. I am also looking the same, Could you upload a video on that if possible and your videos are helping us alot. Thanks
Thank you very much for your thorough and wonderful explanation!
You are welcome Tom 👍
Awesome explanation. keep up the good work.
Thank you for your amazing video. I have been looking for help on the same and none has helped me in this way
I’m running the first example shown in the video. I run a curl command, and I get back a response saying ‘success’, but I don’t see the events in search. Do you know what the issue might be?
Nice video. Very good explanation.
Very nice demo. A little discussion on how a client machine's log file, say with 2000 events, are sent, would have been really nice.
Thanks, dear, this video is very useful. I am currently working on sending users' activity logs and some integrations Events from an application to Splunk. do you have any idea how this can be performed efficiently?
Hi Sid, Using HEC token, can you create a use case for Openshift - Splunk integration using helm chart with YAML configuration....this would be really appreciable if you can do it...thanks for your contribution in Splunk literacy 😊
Do you have any videos related to integration with Kubernates?
not yet , I will cover it soon.
Good video Siddharth
Hi Sid, thanks for the video. How do we configure HEC from an application server in real-time? where do we execute those commands which you showed using cURL? do we need to execute those in cmd of application server? using same syntax? unable to visualise for a real-time scenario. please help.
no no.. I just showed the curl commands because its just depicting a REST call which can be made from any app.
Please have a look at the below link where they have given examples of how we can call HEC from java, .net, JS based apps.
dev.splunk.com/enterprise/docs/dataapps/httpeventcollector/
Hi bro, do you have any idea about ,how to pull and load data from splunk to spark by using pyspark or scala spark or any third party app .
HI Sid..thanks a lot for your videos..your videos helped a lot in working in splunk...can you please tell how to get a live data or running data using httpp event collector..if you can prepare a video it will be great.. the only confusion i have in splunk is getting data in...Like..when to use forwarder when to use http event collect or other things. Please help me in finding the answer of the following question.
1. When to use forwarder
2. does forwarder is only used to push windows data or linux data
3. what if we need to get the running data through forwarder.
4. how to get the live data using HTTP event.
5. suppose tomorrow i need to push the data from netflix or facebook for the monitoring purpose which data input we will use an how to push logs from netflix in splunk.
I know i am sking a lot of questions but it will be a great help if you can manke one video on how to push difeerent types of logs and when to use which data inputs.
Thanks a lot in advance
In case of clustered environment , on which splunk component do we configure token
Hi Kushagra,
It would be in cluster master. Please refer the below link.
answers.splunk.com/answers/734827/how-to-deploy-hec-and-token-to-indexers-in-a-clust-1.html
Sir, For admin authentication, you provided a different token id? Like we have to create another token for that? I mean for basic authentication
No its the same token you need to use. For basic authentication the token is becoming the password.
very helpfull, thank you
When running commands, how did you get localhost:8088/services/collector? Where do I find this for my instance?
Also, how did you know to choose port 8088? Is it because this was listed in the global settings of the HEC?
Appreciate the help. Thanks for everything else.
Except for one time CURL statements, how we automate usual logs to be sent to indexers via HEC?
Splunk provides SDKs for Java, C# and JS....using them you automate the stuff. Also its an API call from outside applications. Whatever we did it in Curl we can do the same stuff in python as well.
dev.splunk.com/enterprise/docs/dataapps/httpeventcollector/
Hi Siddharth, can I get link for data ingestion through API, I didn't find that video in this list
Hi Babu,
Please find the link below
th-cam.com/video/JshI6JT60Rs/w-d-xo.html
Sid
Anyone knows how to group http request by simillar patterns? What can i use?
Thanks so much for this. I keep getting a "Connection reset by Peer" error on the curl command
Solved...I forgot to paste my his there.. Thanks
Token valua was missed...
How we can forward the data from GCP application to Splunk using HEC?
You can get the details here,
cloud.google.com/architecture/exporting-stackdriver-logging-for-splunk
How can we add multiple indices to single hec token
I think using output group you can send to multiple indexers,
docs.splunk.com/Documentation/Splunk/8.0.5/Data/UsetheHTTPEventCollector
Thank you
How to send batch to splunk
Hello getting error in CMD as getting error as curl is a bad command..I am using windows
may be curl is not installed in your system. Please find the below post on how to install it,
stackoverflow.com/questions/9507353/how-do-i-install-and-use-curl-on-windows
Thabks buddy
how can i get live event from any server using event collector ?
From that server you need to do a post to your HEC endpoint.
can we do continuous monitoring using HEC?
Yes its possible...It will depend on the app or system from which you will be sending events to splunk. There you can always do a setup to send events to splunk real time.
@@splunk_ml thank you
can we use Java to send splunk api requests ?
Hi Umesh,
Yes you can do that, there is a framework for that. Please have a look at the below link,
dev.splunk.com/view/splunk-logging-java/SP-CAAAE2K
I keep getting error 404 not found :(
Sid,
I got error with below command
curl -k localhost:8088/services/collector -H "Authorization:Splunk d4661317-2829-48c5-a1c6-e3aa2ff5f792" -d "{\"sourcetype\": \"trial\",\"event\":\"hello world!\"}"
What error you got? Can you paste the error string