Hi,
(Not Splunk questions per se...)
I'm setting up the HTTP Event Collector, so that our chef recipes can log to Splunk and we can have stats on its usefulness and such...
I was able to communicate in the chef recipe to the HEC, using a basic curl command. Now, I want to pass the hostname of the server where I'm running, but I'm having problems getting that HOSTNAME variable to appear. Wondering if any Linux gurus out there can help me out... OR... help me map out how chef does an http_request to the Splunk parameters.
So, here's the curl command and the results:
curl -k https://myserver.com:8088/services/collector/event -H 'Authorization: Splunk 7E36213E-03E1-4246-93B9-81931D303A58' -d '{"event": "hello from ""'"$HOSTNAME"'""}'
{"text":"Invalid data format","code":6,"invalid-event-number":0}[a212830@vc2crtp1102248n ~]
If I just say "hello world" it works. But passing in the hostname variable throws a wrench into it.
That said, chef has an http_request function, but I'm not sure how to map the required Splunk parameters to it. Anyone tried it?
http_request 'posting data' do
  action :post
  url 'http://example.com/check_in'
  message ({:some => 'data'}.to_json)
  headers({'AUTHORIZATION' => "Basic #{
    Base64.encode64('username:password')}",
    'Content-Type' => 'application/data'
  })
end
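
Added example, not part of the original post: in the curl command above the `""` pairs sit inside single quotes, so they reach the collector as literal characters and the body is not valid JSON. The sketch below reproduces that body and shows one way to build a valid one; the function names and the `HEC_URL` and `HEC_TOKEN` environment variables are assumptions, and the top-level `host` key is HEC event metadata.

```shell
#!/bin/sh
# Added example (constructed): build a valid HEC JSON body that carries the hostname.

# The body the original quoting sends: inside single quotes the "" pairs are
# literal characters, so the string value ends early and the JSON does not parse.
broken_payload() {
    printf '%s' '{"event": "hello from ""'"$1"'""}'
}

# Escape backslash and double quote so the value cannot break out of its JSON
# string. Assumption: no control characters, which holds for hostnames.
json_escape() {
    printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g'
}

# One JSON string for the event text, plus HEC's top-level "host" metadata key.
hec_payload() {
    escaped=$(json_escape "$1")
    printf '{"event": "hello from %s", "host": "%s"}' "$escaped" "$escaped"
}

# Not called here (it needs a collector). HEC_URL and HEC_TOKEN are assumed
# environment variables, so the token is not hard-coded in the recipe.
# No -k: curl verifies the collector's certificate.
send_event() {
    curl --fail --silent --show-error "$HEC_URL" \
        -H "Authorization: Splunk $HEC_TOKEN" \
        -d "$(hec_payload "$1")"
}

this_host=${HOSTNAME:-$(uname -n)}
printf 'original quoting: %s\n' "$(broken_payload "$this_host")"
printf 'valid body:       %s\n' "$(hec_payload "$this_host")"
```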