I'm trying to use Logstash to send data directly to an HTTP Event Collector (HEC). The HEC collector accepts the following correctly.
curl -k https://10.8.71.164:8088/services/collector/raw -H "Authorization: Splunk a3709e9b-8443-4ac5-932b-xxxxxxxxxxxx" -d '{"event": "hello world"}'
{"text":"Success","code":0}
I have also configured the output pipeline correctly, like this:
[34892][2019-10-11T01:02:27,329][ERROR][logstash.outputs.http ] [HTTP Output Failure] Could not fetch URL {:url=>"https://10.8.71.164:8088/services/collector/raw", :method=>:post, :body=>"{"offset":160807523,"@version":"1","source":"/opt/sdf/log/af02_alarm_log.10102019","fileset":{"module":"bsf","name":"af02"},"prospector":{"type":"log"},"event_type":"af02","ALARM_TYPE":"0002","tags":["beats_input_codec_plain_applied"],"newTimestamp":"10102019 23:32:28","host":{"name":"vbsfda01dq001"},"ALARM_OWNER":"logstash ","ALARM_SEVERITY":"2","ALARM_COUNT":"1","@timestamp":"2019-10-11T06:32:28.000Z","beat":{"hostname":"vbsfda01dq001","version":"6.4.3","name":"vbsfda01dq001"},"input":{"type":"log"},"ALARM_ID":"9999","ALARM_MESSAGE":"[2019-10-10T23:32:28,541][DEBUG][logstash.outputs.elasticsearch] config LogStash::Outputs::ElasticSearch/@hosts = [//127.0.0.1:9200]\n","time":1.570775548E9}", :headers=>{"Authorization"=>"Splunk a3709e9b-8443-4ac5-932b-47112409702f", "Content-Type"=>"application/json"}, :message=>"Host name '10.8.71.164' does not match the certificate subject provided by the peer (O=SplunkUser, CN=SplunkServerDefaultCert)", :class=>"Manticore::UnknownException", :backtrace=>nil, :will_retry=>false}
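Added example, not part of the original post: a simplified host name check (not Logstash's or Manticore's own code) showing why the client rejects `10.8.71.164` for a certificate whose only name is `CN=SplunkServerDefaultCert`, while `curl -k` succeeds because `-k` skips certificate verification. The certificate dicts are constructed in the shape Python's `ssl.SSLSocket.getpeercert()` returns; `hec.example.internal` and the reissued certificate are hypothetical.

```python
import ipaddress

# Constructed from the subject quoted in the error message above (no SAN entries).
SPLUNK_DEFAULT = {
    "subject": ((("organizationName", "SplunkUser"),),
                (("commonName", "SplunkServerDefaultCert"),)),
    "subjectAltName": (),
}
# Hypothetical reissued certificate that names the address Logstash connects to.
REISSUED = {
    "subject": ((("commonName", "hec.example.internal"),),),
    "subjectAltName": (("DNS", "hec.example.internal"),
                       ("IP Address", "10.8.71.164")),
}

def _dns_match(pattern, host):
    """Case-insensitive match; '*' may only stand for the whole left-most label."""
    p, h = pattern.lower().split("."), host.lower().split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*" and len(p) > 2:
        p, h = p[1:], h[1:]
    return p == h

def check_host(cert, host):
    """Return (ok, reason) for connecting to `host` with certificate `cert`."""
    sans = cert.get("subjectAltName", ())
    cns = [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        ip = None
    if ip is not None:
        # An IP literal only matches an "IP Address" SAN, never a name.
        for kind, value in sans:
            if kind == "IP Address" and ipaddress.ip_address(value) == ip:
                return True, f"IP SAN {value}"
        return False, f"no IP SAN for {host}; subject CN={cns}"
    dns = [v for k, v in sans if k == "DNS"]
    for name in dns or cns:  # CN is consulted only when no DNS SAN exists
        if _dns_match(name, host):
            return True, f"name {name}"
    return False, f"{host} not in {dns or cns}"

if __name__ == "__main__":
    for cert in (SPLUNK_DEFAULT, REISSUED):
        print(check_host(cert, "10.8.71.164"))
```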