In order to send data to Splunk Cloud with HTTP, you should set up an event collector. When you do this, save the auth token they give you. The URL you connect to is your Splunk cloud name, with “input-” pre-pended (e.g. input-prd-p-v12345.cloud.splunk.com), using port 8088.
To build the HTTP request in python, first set up the request, using the token they give you in the authorization header. You also need to pick a GUID for the second property.
import requests
headers = {
'Authorization': 'Splunk ' + token,
'X-Splunk-Request-Channel': 'aaaaaaaa-4444-aaaa-bbbb-0025754046ec'
}
Chances are you’ll need to be able to debug this, so this code will make the requests library print out everything it sends:
import logging
import contextlib
try:
from http.client import HTTPConnection # py3
except ImportError:
from httplib import HTTPConnection # py2
def debug_requests_on():
'''Switches on logging of the requests module.'''
HTTPConnection.debuglevel = 1
logging.basicConfig()
logging.getLogger().setLevel(logging.DEBUG)
requests_log = logging.getLogger("requests.packages.urllib3")
requests_log.setLevel(logging.DEBUG)
requests_log.propagate = True
debug_requests_on()
logging.basicConfig(level=logging.DEBUG)
Then all you have to do is construct a JSON object with your event data and send it. Splunk Cloud appears to use SNI SSL, which this set of libraries doesn’t handle well, I disabled certificate checking, but this is not recommended for a production system.
for o in objects:
jsonData = {
"host":"jenkins",
"index":"model-performance",
"sourcetype":"http",
"source":"http:python-report",
"event": json.dumps(o)
}
r = requests.post(url, json=jsonData, headers=headers, verify=False)
print(r.json())