REQUESTHTTPX 32603 status code

Hello,
I’ve been asked by a client to test the ability of the eWON to POST data in json format to a Splunk Cloud instance. I’ve been getting a 32603 status code when I run the function I wrote in Basic, and I’m not sure why. Here is part of the code:

Function Splunk_push($dataDate$, $dataName$, $value$)
 $url$ = "https://input-prd-p-frlbjxrcdpsk.cloud.splunk.com:8088/services/collector"
 $header$ = Auth$
 $header$ = $header$ + "&content-type=application/json"
 $myData$ = '{"time": '+$dataDate$+',"source": "test_ran2","event": {"tag": "'+$dataName$+'","value": '+$value$+'}}'
 REQUESTHTTPX $url$,"POST",$header$,$myData$
 stat% = GETSYS PRG,"ACTIONSTAT"
 Print stat%
EndFn

As you can see, I concatenated the header with the authentication. I am sure that the values are correct because I copied each one (the url, header and myData) and pasted them in Postman using the POST function. This worked in Postman, but for some reason isn’t working here using the REQUESTHTTPX function. Any idea why?

Thanks,

Yoni

@Yonip

There are some conditions to be aware of when passing headers into REQUESTHTTPX. Specifically that ampersand ‘&’, spaces, and = cause the REQUESTHTTPX header input string parser to end one header and begin the next one.

Hi Joe,
Thanks for getting back to me.
I tried changing the header to fit the requirements as mentioned in your comment above, but I am still getting the 32603 status code.
My url now looks like this: https://input-prd-p-frlbjxrcdpsk.cloud.splunk.com:8088/services/collector

My header like this: Authorization%3DSplunk%2085*************%26content-type%3Dapplication%2Fjson

My data looks the same as before. Again, I am sure that this information is correct because I am able to send it and receive it via Postman, but for some reason it does not send using the REQUESTHTTPX command.

@Yonip

Can you please provide a backup of your device using our eBuddy software (including support files)?

or

Can you please provide me temporarily login credentials to your device?

@Yonip

Can you confirm that the server address is accurate? I tried this in Postman and was unable to get a response, just like the eWON device. Can you possibly try Postman again and provide a screenshot of your settings?

Additionally, how are you setting up the token? According to the Splunk collector API docs, you have to log in and get a session token, which means the token expires.

Sent via private message

@Yonip

Is this Splunk install on the cloud or on your internal network?

It’s the Splunk Cloud service I’ve been using (I didn’t download any program or install anything on my network).

Update:

Customer was using a self-signed certificate.

How to add a cert in the eWON:

FTP into the eWON and then place the cert into /usr/certificates (create the certificates folder).
Once the cert is in that location, edit the httpcertdir parameter in your device’s system cfg to show the correct path. httpcertdir = /usr/certificates.

screenshot example below

GET___PUT_HTTPS_request_using_BASIC_Script_or_Java.pdf (117.6 KB)
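
One way to confirm the cause found in the update above before touching the device, as an added example that is not part of the original thread or of the eWON tooling: save the certificate the HTTPS endpoint presents, check whether it is self-signed, and record its fingerprint before uploading it to /usr/certificates. It assumes the `openssl` command line is available on a workstation and that PEM is the format wanted; the function names, host name and file names are hypothetical, and the demo certificate is constructed locally.

```shell
#!/bin/sh
# Added example: function names, host name and file names are hypothetical.

# Save the leaf certificate a TLS server presents, as PEM, without trusting it.
# usage: fetch_server_cert HOST PORT OUT.pem   (needs network access)
fetch_server_cert() {
  openssl s_client -connect "$1:$2" -servername "$1" </dev/null 2>/dev/null |
    openssl x509 -outform PEM -out "$3"
}

# Return 0 if the PEM certificate is self-signed: subject equals issuer AND
# the signature verifies with the certificate's own public key.
# Returns 2 if the file cannot be parsed, 1 if it is not self-signed.
is_self_signed() {
  subj=$(openssl x509 -in "$1" -noout -subject_hash 2>/dev/null) || return 2
  iss=$(openssl x509 -in "$1" -noout -issuer_hash 2>/dev/null) || return 2
  [ "$subj" = "$iss" ] || return 1
  openssl verify -CAfile "$1" "$1" >/dev/null 2>&1 || return 1
}

# Print the details worth recording before the file is uploaded to the device.
describe_cert() {
  openssl x509 -in "$1" -noout -subject -issuer -enddate -fingerprint -sha256
}

# Offline demo on a constructed certificate (not the customer's).
demo_dir=$(mktemp -d)
openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
  -subj "/CN=hec.example.test" \
  -keyout "$demo_dir/key.pem" -out "$demo_dir/cert.pem" 2>/dev/null
if is_self_signed "$demo_dir/cert.pem"; then
  echo "self-signed: the device needs this certificate in its httpcertdir"
  describe_cert "$demo_dir/cert.pem"
fi
```

Against a real endpoint, run `fetch_server_cert` with the collector's host and port first, then compare the printed SHA-256 fingerprint with the one the server owner reports before placing the file on the eWON.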