
How can I use Splunk HEC to receive Cloud Monitor data?

Question asked by Wilson Soares on Apr 19, 2017
Latest reply on Apr 20, 2017 by Wilson Soares

Hi,

 

I'm trying to deliver Cloud Monitor data directly to Splunk, using Splunk HEC (HTTP Event Collector).

I'm using the instruction from this document with no success:

Configure Akamai Cloud Monitor to send data to a distributed deployment - Splunk Documentation 

 

The HEC is waiting for a different format, and is always returning error 400:

< HTTP/1.1 400 Bad Request

 

Cloud Monitor is sending the data in this format:

{"type":"cloud_monitor","format":"default","version":"1.0","id":"...

Splunk's HEC is waiting for this format:

'{ "time": 1426279439, "host": "localhost", "source": "datasource", "sourcetype": "txt", "index": "main", "event": "Hello world!" }'

 

Is it possible to integrate Cloud Monitor and Splunk without using an external parser?

 

Thank you,
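
The format mismatch described in the question, shown as an added example that is not part of the original post and is not Splunk or Akamai code: it checks whether a JSON object carries the `"event"` key that HEC's JSON event endpoint requires, and wraps a Cloud Monitor record in the envelope quoted above. The function names, the host value, the `_json` sourcetype, the use of receive time as event time, and the sample `id` are assumptions made for illustration.

```python
import json
import time

CLOUD_MONITOR_TYPE = "cloud_monitor"  # value of "type" shown in the post


def is_hec_envelope(obj):
    """True if obj has the shape HEC's JSON event endpoint accepts:
    a JSON object that carries an "event" key."""
    return isinstance(obj, dict) and "event" in obj


def wrap_for_hec(record, host, index="main", sourcetype="_json", now=None):
    """Wrap one parsed Cloud Monitor record in a HEC envelope.

    The record is kept intact under "event" so no field is lost.
    `now` (epoch seconds) is the receive time; assumption: the relay
    stamps events itself instead of reading a time from the record.
    """
    if is_hec_envelope(record):
        return record  # already in HEC shape, pass through unchanged
    if not isinstance(record, dict) or record.get("type") != CLOUD_MONITOR_TYPE:
        raise ValueError("not a Cloud Monitor record")
    return {
        "time": int(now if now is not None else time.time()),
        "host": host,
        "source": record["type"],
        "sourcetype": sourcetype,
        "index": index,
        "event": record,
    }


def to_hec_body(raw_body, host, **kwargs):
    """Parse a delivered body holding one JSON object and return the
    JSON text to POST to HEC. Invalid JSON raises json.JSONDecodeError."""
    record = json.loads(raw_body)
    return json.dumps(wrap_for_hec(record, host, **kwargs), separators=(",", ":"))


# Constructed sample: only the keys visible in the post, with a made-up id.
SAMPLE = ('{"type":"cloud_monitor","format":"default",'
          '"version":"1.0","id":"constructed-id-0001"}')

if __name__ == "__main__":
    print(to_hec_body(SAMPLE, host="edge-relay.example", now=1426279439))
```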
