【发布时间】:2021-09-08 05:57:00
【问题描述】:
我正在使用一个脚本,它给我一些 json 格式的数据,我想把这些数据发送到 splunk。 我可以将脚本的输出存储在文件中,但如何将其发送到 HTTP 事件收集器?
我尝试过但没有成功的几件事:
FILE="output.json"
file1="cat answer.txt"
curl -k "https://prd-pxxx.splunkcloud.com:8088/services/collector" -H "Authorization: Splunk XXXXX" -d '{"event": "$file1", "sourcetype": "manual"}'
-----------------------------------------------------------
curl -k "https://prd-pxxx.splunkcloud.com:8088/services/collector" -H "授权:Splunk XXXXX" -d '{"event": "@output.json", "sourcetype ": "手动"}'
curl -k "https://prd-p-w0gjo.splunkcloud.com:8088/services/collector" -H "Authorization: Splunk d70b305e-01ef-490d-a6d8-b875d98e689b" -d '{"sourcetype":"_json", "event": "@output.json", "source": "output.json}
-----------------------------------------------------------------
After trying this I understand that it literally sends everything specified in the event section. Is there a way I can send the content of the file or use a variable?
Thanks in advance!
【问题讨论】:
标签: http events splunk collectors