SmartThings Community

Best way to collect logs from the hub?

(Moose Quest) #82

8089 is the service port for Splunk. You can’t connect to it with a web browser. There is web server like behind it, but its for REST API and event collection.

That IP is your IP of your splunk cloud instance

kris@mqdns1:/tmp> dig


Can you try with SSL off. If you have SSL on you will need to get a certificate for it work…

(Wilson Lu) #83


Thank you for the responses. I tried the solutions and I am still unable to log my json messages. Here is a snippet of my code

   def params = [
    uri: "",
    headers: [ 
        'Authorization': "Splunk 9B09427B-57F3-40F6-A687-26316CE4DA8A" 
    body: json

This setup simulates SSL as off with http instead of https. My new error is: org.apache.http.conn.HttpHostConnectException: Connect to [] failed: Connection refused

(Moose Quest) #84

Port shouldn’t have // after the :

(Wilson Lu) #85

Not sure which : you are referring to, but I did the following:

uri: ""


uri: ""

and both return the error:

Endpoint is blacklisted

(Moose Quest) #86

Hmmm. Alright when I get home I’ll dig. You can’t do this locally? No box
with Linux?

(Moose Quest) #87

So that error you are getting:

Connect to [] failed: Connection refused

is definitely because the URL is wrong (port). Also, the HTTP Event Collector needs to be enabled. You do that in the Global Settings under the HTTP Event Collecter in Splunk. Have you done that?

If needed we can do TeamViewer.

(Wilson Lu) #88

I have ensured that I have enabled my the HTTP event collector:

My only concern is I am not sure where my URL for my server lies. Where can I find that information? (I am using Splunk Lite, so most of this is setup for me.)

If I am unable to get this working, can I run through teamview with you on the weekend? I am currently traveling for work and unable to download teamview.

PS: I also tried using port 8088 too.

(Jason Hamilton) #89

thank you @kristerpher_hen for your assistance with @wilsonlu on this. I setup a splunk cloud instance a long time ago but quickly killed it off in favor of just building out a VM at the house with my own local splunk instance.

I agree that having a local instance is definitely easier but I’d like to hear how you guys get this setup and working and let me know if there are some changes that we’ll need to make to the code in order to accommodate future splunk cloud instances. Thanks.

(Moose Quest) #90

I’ve done it basically like this:

Machine running OpenSuse with ports 8089 and 8088 open on the firewall.
Installed Splunk Indexer.

Then I configured your code in the SmartThings app with local IP. And it
worked. At first I got error but was able troubleshoot easily. I was
suggesting a team viewer session so I could easily go through all the

(Jason Hamilton) #91

Any updates on the splunk cloud?

(Moose Quest) #92

I was talking with my colleagues at work and they think the Splunk Cloud might not allow ingress of activity on a port like that… It might only allow connectivity through a specialized forwarder. If that is the case then you will need to probably build this in the house… I might hit up one of the Splunk Cloud dudes on slack today and get his opinion. I’ll let you know the outcome.

(Moose Quest) #93

Got the answer (that was quick :smile:)

@wilsonlu you will need to call Splunk Cloud Support and ask them open the ports for you. At that point you will then be able to access your Splunk Instance!

Let us know the results!

(Hal Rottenberg) #94

I finally had time to play with this and so far am having issues. I was looking at the code to try and debug, and I think it would be helpful if you write some log messages with the results back from Splunk. Looking at, it seems like all of the HTTP response detail should be easily available. I’m totally new to groovy, so struggling with syntax to make this work.

I’m trying to use a local server, HTTPS. I have tested Splunk with a curl command which works fine, but no messages are showing up from ST. I suspect it’s a typo in the token, but without the response from Splunk, it’s hard to tell.

(Jason Hamilton) #95

Let me see what I can do here with spitting out some log details. I’ll update the repo once I get it working. I too am new to groovy and everything this was definitely a hack job to get it to work. If you’re using a local server I wouldn’t bother with the HTTPS since its all internal communication. The HTTPS request was for the early days of my app before I had local hub commands working :slight_smile:

(Jason Hamilton) #96

Ok thank you to @iBeech for your example of how to return the results from the hubaction.

@halr9000 so in my reading up on how to figure out how to get the results to return with the hubaction I also discovered that for local LAN calls ST will not work with HTTPS it will only do HTTP so you’ll need to turn off the HTTPS.

Also the other item that I’ve discovered here as of lately since I recently split my whole house up into multiple vlans. ST does not know how to route off to other VLANs. i.e. All of my Kodi devices were on my media vlan and ST was still on my lan so it would not talk to Kodi anymore so I had to move ST off to my media vlan no big deal but weird. I’ll post more on this in a new thread.

So at last if you would like to go do a pull I’ve updated my github with new code that will now spit out a result in your logs that looks like this

4161b9ce-a6ab-457e-9b74-57ccb4ae786a  11:02:25 AM: debug POST /services/collector/event HTTP/1.1 
Accept: */* 
User-Agent: Linux UPnP/1.0 SmartThings 
Authorization: Splunk YOUR TOKEN WILL SHOW UP HERE
Content-Length: 597 
Content-Type: application/json 
Accept-Encoding: gzip,deflate 

{"event":{"date":"Mon Nov 28 18:02:25 UTC 2016","name":"temperature","displayName":"West Side Motion","device":"West Side Motion","deviceId":"5df62ea8-d840-4ce8-9afb-a9cf0f9f2259","value":"44.4","isStateChange":"true","id":"d198ad10-b594-11e6-bfc4-121da09e2cea","description":"zw device: 2A, command: 3105, payload: 01 2A 01 BC","descriptionText":"West Side Motion temperature is 44.4°F","installedSmartAppId":"null","isoDate":"2016-11-28T18:02:25.743Z","isDigital":"false","isPhysical":"false","location":"Home","locationId":"652fa5ce-fb35-430e-ad5a-0aedfcf30dd2","unit":"F","source":"DEVICE",}}

Some day I’ll figure out how to disable the use ssl and stuff if the use internal is set to true but thats for another day.

(Jason Hamilton) #97

Ok so while my new code looked like it was working and I truly thought it was. Turns out it does spit out the results fine but it never actually makes the call back to splunk. So its more like a simulator of this is what I’m going to do but not actually do it. I’m working on trying to figure out what changes I need to make to the code to make this work. Will update once I am ready. Thanks.

(Jason Hamilton) #98

Ok good news. New code pushed into my github repo so go snag it. This is now spitting out the results and it also sends the stuff to splunk as well.

(Hal Rottenberg) #99

Hmm, I am getting full debug messages now, but no events in Splunk. Wondering if I have a networking issue like yours. Ahh–it is indeed on a different subnet. Fingers crossed…

(Jason Hamilton) #100

So in my case I’m using PFSense as my home firewall.

So what I did was setup HAProxy on PFSense and told it to proxy back to splunk. I then also told it to listen on the address of the subnet that ST was listening on. Lol its a stupid hack/work around but it gets the job done. Really wish that ST just knew hey here is your gateway now just let the router do what its supposed to do.

(Hal Rottenberg) #101