Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How important is specified JSON format?

ArnasK
Observer
‎09-08-2022 11:24 PM

Hello, documentation shows JSON format as a: metadata fields, events field with additional data in it.

Format events for HTTP Event Collector - Splunk Documentation

 

My question is how important is to preserve this structure?  Can you remove "event" nesting?

That's how events looks in Splunk right now, I have to press on a "+" sign to see the actual message.

ArnasK_1-1662704176670.png

 

If I remove the "event" nesting I can see the main message without extra actions.

ArnasK_2-1662704319585.png

 

P.S. if this is of any importance, data is being transferred to Splunk via TCP, not HTTP.

 

 

Labels (1)
Labels
0 Karma
Reply
Get Updates on the Splunk Community!

Database Performance Sidebar Panel Now on APM Database Query Performance & Service ...

We’ve streamlined the troubleshooting experience for database-related service issues by adding a database ...

IM Landing Page Filter - Now Available

We’ve added the capability for you to filter across the summary details on the main Infrastructure Monitoring ...

Dynamic Links from Alerts to IM Navigators - New in Observability Cloud

Splunk continues to improve the troubleshooting experience in Observability Cloud with this latest enhancement ...