I want to parse local log files and add the date to the body of the post request, but not exactly certain what is the best date form at to use? Can someone please provide some example options?
Thank You,
Mark
$params = @{ Uri = 'https://prd-p.splunkcloud.com:8088/services/collector' Method = 'POST' Headers = @{ Authorization = 'Splunk 2caf8cde' } Body = @{ index = 'job1' sourcetype = '_json' event = @{ name1 = "value1" name2 = "value2" array1 = @( "value1" "value2" ) } } | ConvertTo-Json } Invoke-RestMethod -SkipCertificateCheck @params
Add a "time" field with epoch time
See here
https://docs.splunk.com/Documentation/Splunk/9.0.1/Data/FormateventsforHTTPEventCollector
You should probably use
services/collector/event
https://docs.splunk.com/Documentation/Splunk/9.0.1/Data/HECRESTendpoints
Hi @mark-jones
You could take a look at this link and there are examples deep links to follow inside.
--
Hope it helps!