Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

How to Extract Event Logs from SignalFX via API?

rvillaflores
Loves-to-Learn
‎02-14-2023 01:14 AM

Hi,

I'm trying to extract logs via API using /v2/event/find Found here: Retrieve Events V2 | API Reference | Splunk Developer Program
However, the results I'm trying to get does not match with what I had in mind. (The results are similar to the examples in the link)

 

 

[ [-] 
  { [-] 
    id: "AddBYZrEFEF",
    metadata: { [-] 
      ETS_key1: "detector",
      ETS_key2: false,
      ETS_key3: 1001
    },
    properties: { [-] 
      is: "ok",
      sf_notificationWasSent: true,
      was: "anomalous"
    },
    sf_eventCategory: "USER_DEFINED",
    sf_eventType: "string",
    timestamp: 1554672630000,
    tsId: "XzZYApXCDCD"
  }
]

 

 

What I'm trying to get are raw messages from the Logs Observer in Splunk SignalFX (image below)

rvillaflores_0-1676365678569.png

The json object I receive are just similar to the example, and not the messages we are ingesting. I need to extract a set with parameters/filters added. I'm expecting the result to be like this:

 

 

{
    "timestamp": "Feb 14 2023T12:00:00+0800",
    "message": "Error 404: /path/service/action",
    "severity": "ERROR",
    "service": "myApp-service"
}

 

 

 How do I extract it?

Labels (2)
Labels
0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Monitoring AI Agents with Splunk Observability Cloud

Let’s say I’m running a travel planning AI app in production. A user asks for three concise hotel options in ...

[Puzzles] Solve, Learn, Repeat: Tiling

This puzzle (first published here) is based on finding groups of tessellated tiles (inspired by floor tiles I ...

SOK it to Me: Top 3 Benefits of Using Splunk Operator on Kubernetes that’ll Make ...

    Thursday, July 9, 2026  |  11:00AM–12:00PM PDT Duration: 1 hour (includes Q&A) Managing can feel like a ...