Good Day,
I am trying to use the logstash http output command to replicate the following curl command?
curl -k PATCH https://etp.us.example.com/api/v1/policies/123455/deny -H "Content-Type: application/json" -H "x-example-api-key: <API-KEY>" -d'{"add": {"sender_ip": ["1.1.1.1", "1.1.1.2"],}}'
My logstash Output configuration for http
http {
url => "https://etp.us.example.com/api/v1/policies/123455/deny"
http_method => "patch"
format => "json"
headers => {
"accept" => "application/json"
"content_type" => "application/json"
"x-example-api-key" => "<API-KEY>"
}
message => "%{sender_ips}"
}
When I run logstash I actually get the servers API to send back a "HTTP/1.1 200 OK" but nothing shows up on the sever side. So it sends the sender_ip data, server accepts it but nothing shows up. If I run the curl command I get data showing up on the server side.
logstash debug shows the following:
[DEBUG] 2024-12-04 14:19:04.783 [[main]>worker0] wire - http-outgoing-1 >> "content_type: application/json[\r][\n]"
[DEBUG] 2024-12-04 14:19:04.783 [[main]>worker0] wire - http-outgoing-1 >> "accept: application/json[\r][\n]"
[DEBUG] 2024-12-04 14:19:04.783 [[main]>worker0] wire - http-outgoing-1 >> "Content-Type: application/json[\r][\n]"
[DEBUG] 2024-12-04 14:19:04.783 [[main]>worker0] wire - http-outgoing-1 >> "Content-Length: 418[\r][\n]"
[DEBUG] 2024-12-04 14:19:04.783 [[main]>worker0] wire - http-outgoing-1 >> "Host: etp.us.example.com[\r][\n]"
[DEBUG] 2024-12-04 14:19:04.783 [[main]>worker0] wire - http-outgoing-1 >> "User-Agent: Manticore 0.8.0[\r][\n]"
[DEBUG] 2024-12-04 14:19:04.783 [[main]>worker0] wire - http-outgoing-1 >> "Accept-Encoding: gzip,deflate[\r][\n]"
[DEBUG] 2024-12-04 14:19:04.783 [[main]>worker0] wire - http-outgoing-1 >> "[\r][\n]"
[DEBUG] 2024-12-04 14:19:04.783 [[main]>worker0] wire - http-outgoing-1 >> "{"sender_ips":"[\"6.3.2.5\",\"23.88.71.29\",\"37.220.6.115\",\"112.217.108.138\",\"211.192.239.232\",\"64.188.19.117\",\"142.11.209.144\",\"138.201.8.186\",\"193.29.13.167\",\"103.68.251.31\",\"103.238.226.160\",\"45.248.87.196\",\"64.44.131.109\",\"5.252.178.55\",\"185.243.115.65\",\"185.163.47.134\",\"185.117.75.156\",\"113.160.165.75\",\"202.58.104.100\",\"111.229.73.84\",\"185.221.202.35\",\"167.88.180.198\"]"}"
[DEBUG] 2024-12-04 14:19:05.407 [[main]>worker0] wire - http-outgoing-1 << "HTTP/1.1 200 OK[\r][\n]"
[DEBUG] 2024-12-04 14:19:05.407 [[main]>worker0] wire - http-outgoing-1 << "Date: Wed, 04 Dec 2024 21:19:05 GMT[\r][\n]"
[DEBUG] 2024-12-04 14:19:05.407 [[main]>worker0] wire - http-outgoing-1 << "Content-Type: application/json[\r][\n]"
[DEBUG] 2024-12-04 14:19:05.407 [[main]>worker0] wire - http-outgoing-1 << "Connection: keep-alive[\r][\n]"
[DEBUG] 2024-12-04 14:19:05.407 [[main]>worker0] wire - http-outgoing-1 << "CF-Ray: 8eced5273affce98-SJC[\r][\n]"
[DEBUG] 2024-12-04 14:19:05.407 [[main]>worker0] wire - http-outgoing-1 << "CF-Cache-Status: DYNAMIC[\r][\n]"
[DEBUG] 2024-12-04 14:19:05.407 [[main]>worker0] wire - http-outgoing-1 << "Access-Control-Allow-Origin: http://example.com https://example.com http://examplegov.com https://examplegov.com http://test.com https://example.com[\r][\n]"
[DEBUG] 2024-12-04 14:19:05.407 [[main]>worker0] wire - http-outgoing-1 << "Strict-Transport-Security: max-age=31536000; includeSubdomains;[\r][\n]"
[DEBUG] 2024-12-04 14:19:05.407 [[main]>worker0] wire - http-outgoing-1 << "Access-Control-Allow-Credentials: true[\r][\n]"
[DEBUG] 2024-12-04 14:19:05.407 [[main]>worker0] wire - http-outgoing-1 << "Access-Control-Allow-Headers: [\r][\n]"
[DEBUG] 2024-12-04 14:19:05.407 [[main]>worker0] wire - http-outgoing-1 << "Access-Control-Allow-Methods: GET, POST, PATCH, PUT, DELETE[\r][\n]"
[DEBUG] 2024-12-04 14:19:05.407 [[main]>worker0] wire - http-outgoing-1 << "X-Content-Type-Options: nosniff[\r][\n]"
[DEBUG] 2024-12-04 14:19:05.407 [[main]>worker0] wire - http-outgoing-1 << "X-Frame-Options: SAMEORIGIN[\r][\n]"
[DEBUG] 2024-12-04 14:19:05.407 [[main]>worker0] wire - http-outgoing-1 << "x-request-id: SJxZLvS0Xyx[\r][\n]"
[DEBUG] 2024-12-04 14:19:05.407 [[main]>worker0] wire - http-outgoing-1 << "X-XSS-Protection: 1; mode=block[\r][\n]"
[DEBUG] 2024-12-04 14:19:05.407 [[main]>worker0] wire - http-outgoing-1 << "Vary: Accept-Encoding[\r][\n]"
[DEBUG] 2024-12-04 14:19:05.407 [[main]>worker0] wire - http-outgoing-1 << "Server: cloudflare[\r][\n]"
[DEBUG] 2024-12-04 14:19:05.407 [[main]>worker0] wire - http-outgoing-1 << "Content-Encoding: gzip[\r][\n]"
[DEBUG] 2024-12-04 14:19:05.407 [[main]>worker0] wire - http-outgoing-1 << "Content-Length: 12458[\r][\n]"
I am not sure why server is sending back a "HTTP/1.1 200 OK" Code but nothing shows up. It has to be the way my http output syntax is structured?