PUT /mltk/hec_operations
PUT /mltk/hec_operations
Push one or more AI agent events into the configured Splunk index via `POST /services/receivers/simple` (HEC).
Description. Push one or more AI agent events into the configured Splunk index via POST /services/receivers/simple (HEC). The handler injects app_name: "Splunk_ML_Toolkit" into each event before forwarding. The target index is read from mlspl.conf key ai_agent_run_index (default ai_agent_run_history_index); sourcetype is ai_agent:response; source is aiagent_processor.
Prerequisites.
- HEC must be enabled.
- The Splunk request must carry a
system_authtokenheader (provided automatically when called through the persistent connection from a Splunk session). External callers must obtain it via Splunk auth and the persistent REST mount. - The configured index must exist and be writable by the admin token.
Body (JSON).
{
"events": [
{
"event": {
"request_id": "req-123",
"session_id": "sess-456",
"agent_name": "my_agent",
"prompt": "What is the weather?",
"response": "Sunny.",
"type": "run_finished",
"processing_time": "2.5"
}
}
]
}
Responses.
| Status | Meaning |
|---|---|
201 |
All events accepted ("Successfully pushed events to index: N") |
207 |
Partial success (some events failed; errors array populated) |
500 |
All events failed, missing system_authtoken, or REST proxy init failed |
Example.
curl -sk -u "$SPLUNK_USER:$SPLUNK_PASSWORD" -X PUT
-H "Content-Type: application/json"
--data @- "$SPLUNK_HOST/servicesNS/nobody/Splunk_ML_Toolkit/mltk/hec_operations?output_mode=json" <<'JSON'
{
"events": [
{
"event": {
"request_id": "req-123",
"session_id": "sess-456",
"agent_name": "my_agent",
"prompt": "Hi",
"response": "Hello!",
"type": "run_finished",
"processing_time": "0.45"
}
}
]
}
JSON