aio app config set log-forwarding not working

Question

Hello people, i have been trying to make log forwarding to splunk instance that splunk instance seems to be working well (is a splunk cloud trial) and after doing a curl it seems to be working well:  curl -k https://xyx-y-xxxx.splunkcloud.com:8088/services/collector/event -H "Authorization: Splunk xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" -d '{"event": "hello world"}'
{"text":"Success","code":0} But when i try to set on App Builder using: $ aio app config set log-forwarding
? select log forwarding destination Splunk HEC
? host xyx-y-xxxx.splunkcloud.com
? port 8088
? index main
? hec_token [hidden]
 »   Error: Could not update log forwarding settings for namespace 'app-builder-sandbox-instance': 400 (Bad 
 »    Request). Error: {"reason":"Validation failed","message":"[Splunk HTTP Error: connect timed out]"} so i still cannot figure out why is this not working it would be glad if someone has been passed through this or a similar situation that could give a clue of where can be the problem

YevSen · Accepted Answer

wrong curl the way i put on my original question (the token is temporary so it will expire after some time)....

curl -k https://prd-p-uaiyv.splunkcloud.com:8088/services/collector/event -H "Authorization: Splunk 26f05822-ff96-476c-b11b-234e1dcacc0b" -d '{"event": "hello world"}'
{"text":"Success","code":0}

it should work.

Anything with `-k` (`--insecure`) will return a "false-positive" result because we don't support self-signed certificates.

In other words, even if Splunk allows such connections, we don't allow them from our services to Splunk for security reasons.

YevSen · Answer

Hi, @joseluis13 , sorry for the delay. Is there any chance that you can provide host and port (I'd assume that you are still using the same port, which is 8088)?

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded