Solved: Search payload sent with POST requests to a partic...

jcovingt · ‎10-13-2017

I have the following query, but I am not sure how to get the payload that was sent to the request_url.

index=fastly sourcetype=fastly_syslog_json fastly_service_name=www.mysite.com request_type=POST request_url="/api/v1/myPostEndpoint" | fields {what to put here?}

I am hoping there is a way I can inspect the payloads that have been POSTed to that endpoint over a range of time, in order to create a report on a particular field within those payloads.

jcovingt · ‎10-13-2017

It looks like request_body is not part of the normal http logs, which I suppose I should have known. Am I right in understanding that the only way I'd have captured this information is if I had been explicitly logging request_body at the app log level?

View solution in original post

jcovingt · ‎10-13-2017

It looks like request_body is not part of the normal http logs, which I suppose I should have known. Am I right in understanding that the only way I'd have captured this information is if I had been explicitly logging request_body at the app log level?

Search payload sent with POST requests to a particular endpoint in the past

Introducing the Splunk Community Dashboard Challenge!

Get the T-shirt to Prove You Survived Splunk University Bootcamp

Wondering How to Build Resiliency in the Cloud?