Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

HEC event formatting: How to configure Splunk to show only message field and not all fields?

redg
Loves-to-Learn
‎01-08-2023 06:42 PM

Good evening,
With a Java Spring Boot application, I use the library provided by Splunk to send to Splunk the logs using
com.splunk.logging.HttpEventCollectorLogbackAppender.

By default when I do a search in Splunk, the event appears like this (see image below).

redg_0-1673231701551.png

But I'd rather default the search to return results in this form.

redg_1-1673231784318.png

Is it possible to configure Splunk (Source types, etc..)  to display only the message field and not the entire event with all the fields?

 

 

 

Labels (1)
Labels
Tags (2)
0 Karma
Reply

PaulPanther
Builder
‎01-09-2023 01:58 AM

@redg You could use the HEC Raw-Endpoint (Format events for HTTP Event Collector - Splunk Documentation) and parse & transform the events as needed.

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk APM & RUM | Upcoming Planned Maintenance

There will be planned maintenance of the streaming infrastructure for Splunk APM and Splunk RUM in the coming ...

Part 2: Diving Deeper With AIOps

Getting the Most Out of Event Correlation and Alert Storm Detection in Splunk IT Service Intelligence   Watch ...

User Groups | Upcoming Events!

If by chance you weren't already aware, the Splunk Community is host to numerous User Groups, organized ...