Splunk log stream update requires that a value for splunkPort be provided even if none was configured

, ,

API: api/v2/log-streams/

Updating an existing Splunk log stream requires that a value for “splunkPort” be provided even if no port was configured prior to the update.

Scenario:

  1. Read existing Splunk log stream (http GET). The value for “splunkPort” comes back empty:

{ id: “lst_0000000000001234”, name: “MyCorp Splunk”, type: “splunk”, status: “active”, sink: { splunkDomain: “http-inputs-mycorp.splunkcloud.com”, splunkPort: “”, splunkToken: “ORIGINALTOKEN”, splunkSecure: true, }}

  1. Update something like “SplunkToken”

  2. Update the log stream (http PATCH). api/v2/log-streams/lst_0000000000001234

{ name: “MyCorp Splunk”, type: “splunk”, status: “active”, sink: { splunkDomain: “http-inputs-mycorp.splunkcloud.com”, splunkPort: “”, splunkToken: “NEWTOKEN”, splunkSecure: true, }}

Expected result: The Splunk log stream’s token is updated. All other settings remain as they were.

Actual result:
{“statusCode”: 400, “error”: “Bad Request”, “message”: “The log stream configuration is invalid.”}

If a value for “splunkPort” is provided (i.e. 443) then the update works as expected.

If “splunkPort” is a required value during a PATCH then it should also be returned during a GET. Or, and this might be preferable, allow an empty value be provided for “splunkPort” and behind the scenes use a default port value (which is what configuring a Splunk log stream in the console seems to do).

1 Like

Hey there @todd.lagimonier,

Thanks for bringing this to my attention, I will share this with the team and let you know what we find as we dig into the matter!