AnsweredAssumed Answered

How can I use splunk HEC to receive cloud monitor data?

Question asked by Wilson Soares on Apr 19, 2017
Latest reply on Apr 20, 2017 by Wilson Soares



I'm trying to deliver cloud monitor data directly to splunk, using splunk HEC(http event colector).

I'm using the instruction from this document with no success:

Configure Akamai Cloud Monitor to send data to a distributed deployment - Splunk Documentation 


The HEC is waiting for a diferent format, and is always returning error 400:

< HTTP/1.1 400 Bad Request


Cloud monitor is sending the data in this format:


The splunk's HEC is waiting for this format:

'{ "time": 1426279439, "host": "localhost", "source": "datasource", "sourcetype": "txt", "index": "main", "event": { "Hello world!" }}'


Is possible to integrate cloud monitor and splunk without using an external parser?


Thank you,