Re: What date format does splunk HTTP Event Collec...

mark-jones · ‎09-19-2022

I want to parse local log files and add the date to the body of the post request, but not exactly certain what is the best date form at to use? Can someone please provide some example options?

Thank You,

Mark

$params = @{
    Uri = 'https://prd-p.splunkcloud.com:8088/services/collector'
    Method = 'POST'
    Headers = @{
        Authorization = 'Splunk 2caf8cde'
    }
    Body   = @{
        index = 'job1'
        sourcetype = '_json'
        event      = @{
            name1 = "value1"
            name2 = "value2"
            array1 = @(
                "value1"
                "value2"
            )
        }
    } | ConvertTo-Json
}
Invoke-RestMethod -SkipCertificateCheck @params

bowesmana · ‎09-19-2022

Add a "time" field with epoch time

See here

https://docs.splunk.com/Documentation/Splunk/9.0.1/Data/FormateventsforHTTPEventCollector

You should probably use

services/collector/event

https://docs.splunk.com/Documentation/Splunk/9.0.1/Data/HECRESTendpoints

venkatasri · ‎09-19-2022

Hi @mark-jones

https://docs.splunk.com/Documentation/Splunk/9.0.1/Data/FormateventsforHTTPEventCollector#Event_meta...

You could take a look at this link and there are examples deep links to follow inside.

--

Hope it helps!

What date format does splunk HTTP Event Collector use?

HTTP Event Collector

Can’t make it to .conf25? Join us online!

What Is Splunk? Here’s What You Can Do with Splunk

Level Up Your .conf25: Splunk Arcade Comes to Boston

Manual Instrumentation with Splunk Observability Cloud: How to Instrument Frontend ...

Are you a member of the Splunk Community?