Send event data to Splunk in .NET 5.0

Vahid Farahmandian
2 min read · Jul 14, 2021

Splunk (the product) captures, indexes and correlates real-time data in a searchable repository from which it can generate graphs, reports, alerts, dashboards and visualizations.

Source Code: jinget-dotnet5-splunk-sample | GitHub.com

Prerequisites

  1. You have already enabled the HTTP input endpoint.
  2. You have already obtained the HEC (HTTP Event Collector) token.

If not, please refer to: Set up and use HTTP Event Collector in Splunk Web

Sending event data to Splunk is not difficult. Just follow these steps:

  1. Take care of invalid SSL certificates

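If you are using invalid or self-signed certificates, you need to suppress the SSL error before calling any Splunk API. The callback below does this by returning true for every certificate, which turns off certificate validation for all requests sent through this handler: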

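// Namespace used: System.Net.Http
// Accepts every server certificate, whatever the SSL policy errors are
HttpClientHandler clientHandler = new()
{
    ServerCertificateCustomValidationCallback = (sender, cert, chain, sslPolicyErrors) => true
};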

And then simply pass the clientHandler to your HttpClient class constructor:

var httpClient = new HttpClient(clientHandler);

  2. Call the API

Now we are ready to call the Splunk APIs. To send an event to Splunk, we can do the following:

// Namespaces used: System.Net.Http.Headers, System.Text, Newtonsoft.Json
httpClient.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Splunk", "HEC Token");

// The data must be sent inside an 'event' object
var data = JsonConvert.SerializeObject(new { @event = myData });
var stringContent = new StringContent(data, Encoding.UTF8, "application/json");
var response = await httpClient.PostAsync("{schema}://{url}:{port}/services/collector", stringContent);

schema: https if the Enable SSL option is selected, otherwise http

url: the URL used to access your Splunk website, without its port number

port: the HTTP Port Number entered in the General settings section in Splunk

With this approach you can connect to Splunk and start communicating with it without installing any third-party library.
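
An alternative to returning true for every certificate in step 1, added here as an example and not taken from the author's repository: the handler accepts a certificate only if it validates normally or if it is the one self-signed certificate whose SHA-256 thumbprint was pinned. The names PinnedHec, Validate, CreateClient and SendAsync and the example.test host names are assumptions made for this example, and System.Text.Json is used in place of JsonConvert.

```csharp
using System;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Net.Security;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Text;
using System.Text.Json;
using System.Threading.Tasks;

public static class PinnedHec
{
    // Accept a certificate that validates normally, or the one self-signed
    // certificate whose SHA-256 thumbprint was pinned; reject everything else.
    public static bool Validate(X509Certificate2 cert, SslPolicyErrors errors, string pinnedSha256) =>
        errors == SslPolicyErrors.None ||
        (cert != null && string.Equals(cert.GetCertHashString(HashAlgorithmName.SHA256),
                                       pinnedSha256, StringComparison.OrdinalIgnoreCase));

    public static HttpClient CreateClient(string hecToken, string pinnedSha256)
    {
        var handler = new HttpClientHandler
        {
            ServerCertificateCustomValidationCallback =
                (request, cert, chain, errors) => Validate(cert, errors, pinnedSha256)
        };
        var client = new HttpClient(handler);
        client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Splunk", hecToken);
        return client;
    }

    // Same request as step 2, serialized with the built-in System.Text.Json.
    public static Task<HttpResponseMessage> SendAsync(HttpClient client, string collectorUrl, object myData) =>
        client.PostAsync(collectorUrl, new StringContent(
            JsonSerializer.Serialize(new { @event = myData }), Encoding.UTF8, "application/json"));

    // Offline check with two constructed self-signed certificates (not real Splunk certificates).
    public static void Main()
    {
        using var key = ECDsa.Create();
        X509Certificate2 Make(string cn) => new CertificateRequest($"CN={cn}", key, HashAlgorithmName.SHA256)
            .CreateSelfSigned(DateTimeOffset.UtcNow, DateTimeOffset.UtcNow.AddDays(1));
        using var splunk = Make("splunk.example.test");
        using var other = Make("other.example.test");
        string pin = splunk.GetCertHashString(HashAlgorithmName.SHA256);
        Console.WriteLine(Validate(splunk, SslPolicyErrors.RemoteCertificateChainErrors, pin)); // the pinned certificate
        Console.WriteLine(Validate(other, SslPolicyErrors.RemoteCertificateChainErrors, pin));  // a different self-signed certificate
    }
}
```

The thumbprint to pin is the SHA-256 fingerprint of the certificate installed on the Splunk server, read from the server itself rather than from a connection you have not yet verified.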

Full source code is available on my GitHub page at: jinget-dotnet5-splunk-sample | github.com
