Re: What date format does splunk HTTP Event Collec...

mark-jones · ‎09-19-2022

I want to parse local log files and add the date to the body of the post request, but not exactly certain what is the best date form at to use? Can someone please provide some example options?

Thank You,

Mark

$params = @{
    Uri = 'https://prd-p.splunkcloud.com:8088/services/collector'
    Method = 'POST'
    Headers = @{
        Authorization = 'Splunk 2caf8cde'
    }
    Body   = @{
        index = 'job1'
        sourcetype = '_json'
        event      = @{
            name1 = "value1"
            name2 = "value2"
            array1 = @(
                "value1"
                "value2"
            )
        }
    } | ConvertTo-Json
}
Invoke-RestMethod -SkipCertificateCheck @params

bowesmana · ‎09-19-2022

Add a "time" field with epoch time

See here

https://docs.splunk.com/Documentation/Splunk/9.0.1/Data/FormateventsforHTTPEventCollector

You should probably use

services/collector/event

https://docs.splunk.com/Documentation/Splunk/9.0.1/Data/HECRESTendpoints

venkatasri · ‎09-19-2022

Hi @mark-jones

https://docs.splunk.com/Documentation/Splunk/9.0.1/Data/FormateventsforHTTPEventCollector#Event_meta...

You could take a look at this link and there are examples deep links to follow inside.

--

Hope it helps!

What date format does splunk HTTP Event Collector use?

HTTP Event Collector

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Mile High Learning with Splunk University, Denver, Colorado

IT Service Intelligence 5.0 Series: Your Guide to the June Launch

Agent Mode Engaged! Enchaining Agentic Operations with Splunk AI Assistant 2.0

Join the Conversation