Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to Extract Event Logs from SignalFX via API?

rvillaflores
Loves-to-Learn
‎02-14-2023 01:14 AM

Hi,

I'm trying to extract logs via API using /v2/event/find Found here: Retrieve Events V2 | API Reference | Splunk Developer Program
However, the results I'm trying to get does not match with what I had in mind. (The results are similar to the examples in the link)

 

 

[ [-] 
  { [-] 
    id: "AddBYZrEFEF",
    metadata: { [-] 
      ETS_key1: "detector",
      ETS_key2: false,
      ETS_key3: 1001
    },
    properties: { [-] 
      is: "ok",
      sf_notificationWasSent: true,
      was: "anomalous"
    },
    sf_eventCategory: "USER_DEFINED",
    sf_eventType: "string",
    timestamp: 1554672630000,
    tsId: "XzZYApXCDCD"
  }
]

 

 

What I'm trying to get are raw messages from the Logs Observer in Splunk SignalFX (image below)

rvillaflores_0-1676365678569.png

The json object I receive are just similar to the example, and not the messages we are ingesting. I need to extract a set with parameters/filters added. I'm expecting the result to be like this:

 

 

{
    "timestamp": "Feb 14 2023T12:00:00+0800",
    "message": "Error 404: /path/service/action",
    "severity": "ERROR",
    "service": "myApp-service"
}

 

 

 How do I extract it?

Labels (2)
Labels
0 Karma
Reply
Get Updates on the Splunk Community!

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

If you’ve ever deployed a new database cluster, spun up a caching layer, or added a load balancer, you know it ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

Financial fraud isn't slowing down. If anything, it's getting more sophisticated. Account takeovers, credit ...

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

 Are you tired of troubleshooting delays caused by siloed frontend, application, and network data? We've got a ...