ashah-splunk
commented
2 years ago Hi @mvgadagi , event API endpoint requires the body parameter as String, here in the code JSON is being passed for body which is the reason for the error.
--> Here just add the body within quotes and the event will be pushed to the Splunk
i.e - body='{"index": "my_index", "event": {"message": "Test Message"}}'
Here are some references for the same
--> Test case for Event where JSON.dumps is used for the message being passed in body
--> Splunk Docs for Event Formats, in the curl example commands given, the event body being passed is covered within quotes(')
Note:- the references you referred also use the event body i.e after -d in curl command is covered within quotes
Would request you to try with the suggested change and let us know in case you still face the issue.
Describe the bug Not able to post the payload from the Splunk SDK client service
To Reproduce Steps to reproduce the behavior:
I have used the below code to push the logs
But I am getting an error as
HTTP 400 Bad Request -- b'{"text":"Invalid data format","code":6,"invalid-event-number":0}'
I have referred to the below links but nothing helps me to solve the problem, Can you please help me with this?
https://community.splunk.com/t5/Getting-Data-In/HTTP-event-collector-error-with-data-format/m-p/352755 https://medium.com/adarma-tech-blog/splunk-http-event-collectors-explained-2c22e87ab8d2
Expected behavior It should successfully post the content to Splunk
Logs or Screenshots HTTP 400 Bad Request -- b'{"text":"Invalid data format","code":6,"invalid-event-number":0}'
Splunk (please complete the following information):
SDK (please complete the following information):