Getting Data In

splunk-bunyan-logger logs in impractical format

mcv
Engager

I'm using splunk-bunyan-logger to log to splunk. The example on https://github.com/splunk/splunk-bunyan-logger suggests using it like:

 

 

Logger.info({
    message: {
        temperature: "70F",
        chickenCount: 500
    }
}, "Chicken coup looks stable.");

 

 

 I'm using it like:

 

 

logger.info({ name, type: 'queryPerformance', ms }, `${name} took ${ms} ms`);

 

 

Despite not wrapping my own fields (name, type and ms) in a `message` object, in splunk, they do still end up in a message object. So I have to search by `message.type` instead of just `type`. Also, the text message ("Chicken coup looks stable" or `${name} took ${ms}`) does not show up anywhere at all.

Is there a better way to use splunk-bunyan-logger to make it log the way I want it to?

Labels (1)
0 Karma

richgalloway
SplunkTrust
SplunkTrust
The logger uses Splunk's HTTP Event Collector, which expects events in JSON format. See https://docs.splunk.com/Documentation/Splunk/8.0.4/Data/FormateventsforHTTPEventCollector
The problem with using someone else's code is you're stuck with how they do it. To log the way you want to you'll need to write your own code, perhaps using the bunyan logger as a starting point.
---
If this reply helps you, Karma would be appreciated.
0 Karma
Get Updates on the Splunk Community!

Get Inspired! We’ve Got Validation that Your Hard Work is Paying Off

We love our Splunk Community and want you to feel inspired by all your hard work! Eric Fusilero, our VP of ...

What's New in Splunk Enterprise 9.4: Features to Power Your Digital Resilience

Hey Splunky People! We are excited to share the latest updates in Splunk Enterprise 9.4. In this release we ...

Take Your Breath Away with Splunk Risk-Based Alerting (RBA)

WATCH NOW!The Splunk Guide to Risk-Based Alerting is here to empower your SOC like never before. Join Haylee ...