Hi,
I'm trying to extract logs via the API using /v2/event/find, found here: Retrieve Events V2 | API Reference | Splunk Developer Program
However, the results I get do not match what I had in mind. (The results are similar to the examples in the link.)
[
  {
    id: "AddBYZrEFEF",
    metadata: {
      ETS_key1: "detector",
      ETS_key2: false,
      ETS_key3: 1001
    },
    properties: {
      is: "ok",
      sf_notificationWasSent: true,
      was: "anomalous"
    },
    sf_eventCategory: "USER_DEFINED",
    sf_eventType: "string",
    timestamp: 1554672630000,
    tsId: "XzZYApXCDCD"
  }
]
What I'm trying to get are the raw messages from the Log Observer in Splunk SignalFx (image below).
The JSON objects I receive are just like the example, not the messages we are ingesting. I need to extract a set with parameters/filters added. I'm expecting the result to look like this:
{
  "timestamp": "Feb 14 2023T12:00:00+0800",
  "message": "Error 404: /path/service/action",
  "severity": "ERROR",
  "service": "myApp-service"
}
How do I extract it?