Splunk Enterprise - Send JSON Event to HTTP Event Collector
Details
This atomic belongs to the Splunk Enterprise atomic group.
This atomic sends a JSON-formatted payload to a Splunk Enterprise HTTP Event Collector (HEC).
Note: Before using this atomic, you must create an HTTP Event Collector in Splunk Enterprise for the index you want to send events to. More information about this configuration can be found here: https://docs.splunk.com/Documentation/Splunk/latest/Data/UsetheHTTPEventCollector
Target: Platform APIs system target
Steps:
- Format the event date
- Build the channel GUID header
- Build the request payload
- Send the JSON to the HTTP event collector
- Check if the request was successful:
  - If it was, attempt to extract the results and set the output variable
  - If it wasn't, output an error
More information about this API: https://docs.splunk.com/Documentation/SplunkCloud/9.2.2406/Data/UsetheHTTPEventCollector#Configure_HTTP_Event_Collector_on_Splunk_Enterprise
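The steps above, sketched in Python as an added example (this is not the atomic's own implementation). The function names, host and token are constructed for illustration; the `/services/collector/event` endpoint, the `Authorization: Splunk <token>` scheme and the `X-Splunk-Request-Channel` header are HEC's documented interface.

```python
import json
import uuid
from datetime import datetime, timezone

def format_event_time(dt):
    """HEC's "time" field is epoch seconds; naive datetimes are assumed to be UTC."""
    if dt.tzinfo is None:
        dt = dt.replace(tzinfo=timezone.utc)
    return round(dt.timestamp(), 3)

def build_hec_request(base_url, token, event, dt, index=None, channel=None):
    """Return the URL, headers and body for one HEC event (nothing is sent here)."""
    # The token is a bearer credential: never put it on the wire without TLS.
    if not base_url.lower().startswith("https://"):
        raise ValueError("refusing to send an HEC token over a non-TLS URL")
    payload = {"time": format_event_time(dt), "event": event}
    if index:
        payload["index"] = index  # must be an index the HEC token is allowed to write to
    headers = {
        "Authorization": f"Splunk {token}",
        "X-Splunk-Request-Channel": channel or str(uuid.uuid4()),  # channel GUID
        "Content-Type": "application/json",
    }
    url = base_url.rstrip("/") + "/services/collector/event"
    return {"url": url, "headers": headers, "body": json.dumps(payload).encode()}

def parse_hec_response(status, body):
    """Return the parsed result on success; raise without echoing any credential."""
    try:
        result = json.loads(body)
    except ValueError:
        result = {}
    if status != 200 or result.get("code") != 0:
        detail = result.get("text", "no detail")
        raise RuntimeError(f"HEC rejected event: HTTP {status}, {detail}")
    return result

if __name__ == "__main__":
    # Constructed sample values; replace with your own collector and token.
    req = build_hec_request("https://splunk.example.test:8088", "CONSTRUCTED-TOKEN",
                            {"action": "login", "user": "alice"},
                            datetime(2024, 1, 1), index="main")
    print(req["url"], req["body"].decode())
    print(parse_hec_response(200, '{"text": "Success", "code": 0}'))
```

The returned dictionary can be passed to any HTTP client with certificate verification left enabled; keep the token out of logs and error output.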
About
Authorship
Cisco Managed