How to Extract Event Logs from SignalFX via API?

rvillaflores · ‎02-14-2023

Hi,

I'm trying to extract logs via API using /v2/event/find Found here: Retrieve Events V2 | API Reference | Splunk Developer Program
However, the results I'm trying to get does not match with what I had in mind. (The results are similar to the examples in the link)

[ [-] 
  { [-] 
    id: "AddBYZrEFEF",
    metadata: { [-] 
      ETS_key1: "detector",
      ETS_key2: false,
      ETS_key3: 1001
    },
    properties: { [-] 
      is: "ok",
      sf_notificationWasSent: true,
      was: "anomalous"
    },
    sf_eventCategory: "USER_DEFINED",
    sf_eventType: "string",
    timestamp: 1554672630000,
    tsId: "XzZYApXCDCD"
  }
]

What I'm trying to get are raw messages from the Logs Observer in Splunk SignalFX (image below)

The json object I receive are just similar to the example, and not the messages we are ingesting. I need to extract a set with parameters/filters added. I'm expecting the result to be like this:

{
    "timestamp": "Feb 14 2023T12:00:00+0800",
    "message": "Error 404: /path/service/action",
    "severity": "ERROR",
    "service": "myApp-service"
}

How do I extract it?

How to Extract Event Logs from SignalFX via API?

field extraction

metadata

other

More Ways To Control Your Costs With Archived Metrics | Register for Tech Talk

.conf24 | Personalize your .conf experience with Learning Paths!

Threat Hunting Unlocked: How to Uplevel Your Threat Hunting With the PEAK Framework ...