- Splunk Answers
- :
- Using Splunk
- :
- Splunk Search
- :
- Is this message format possible for sending to spl...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Tell me, is this message format possible for sending to splunk:
curl --location --request POST 'http://170.25.25.25:8088/services/collector/event' --header 'Authorization: Splunk ееееее-еееееееее-ееееее-e6fc' --header 'Content-Type: text/plain' --data-raw '{
"messageId": "<ED280816-E404-444A-A2D9-FFD2D171F928>",
"srcMsgId": "<rwfsdfsfqwe121432gsgsfgdg>",
"correlationMsgId": "<rwfsdfsfqwe135432gsgsfgdg>",
"baseSystemId": "<SDS-IN>",
"routeInstanceId": "<TPKSABS-SMEV>",
"routepointID": "<1.SABS-GIS.TO.KBR.SEND>",
"eventTime": "<1985-04-12T23:20:50>",
"messageType": "<ED123>",
"GISGMPResponseID": "<PS000BA780816-E404-444A-A2D9-FFD2D1712345>",
"GISGMPRequestID": "<PS000BA780816-E404-444A-A2D9-FFD2D1712344>",
"tid": "<ED280816-E404-444A-A2D9-FFD2D171F900>",
"PacketGISGMPId": "<7642341379_20220512_123456789>",
"result.code": "<400>",
"result.desc": "<Ошибка: абвгд>"
}'
Without fields:
"event" and "fields"
Using only custom fields?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
hi metylkinandrey,
you can send your custom message via without 'fields' and 'event'.
instead of sending it like in your example to:
/services/collector/event
just send it to:
/services/collector/raw
see: https://docs.splunk.com/Documentation/Splunk/latest/Data/FormateventsforHTTPEventCollector
best regards,
Andreas
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
hi metylkinandrey,
you can send your custom message via without 'fields' and 'event'.
instead of sending it like in your example to:
/services/collector/event
just send it to:
/services/collector/raw
see: https://docs.splunk.com/Documentation/Splunk/latest/Data/FormateventsforHTTPEventCollector
best regards,
Andreas
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
It seems to be what you need! Thank you!
Introducing the Splunk Community Dashboard Challenge!
Built-in Service Level Objectives Management to Bridge the Gap Between Service & ...
Get Your Exclusive Splunk Certified Cybersecurity Defense Engineer Certification at ...
