×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
yarinm
Explorer
Member since: ‎11-06-2018
‎06-05-2020
Community Statistics
Posts 3
Solutions 0
Karma Given 0
Karma Received 1
Member Since ‎11-06-2018
Activity Feed
View All

Re: Why is linemerging not working with Http Event...

by in Getting Data In
‎11-07-2018 12:56 PM
‎11-07-2018 12:56 PM
The official splunk-hec fluentd plugin doesn't support the /raw endpoint at the moment.. ... View more

Re: Why is linemerging not working with Http Event...

by in Getting Data In
‎11-06-2018 11:33 PM
‎11-06-2018 11:33 PM
@marycordovacaa The current official plugin by splunk for fluentd doesn't support the raw API https://github.com/splunk/fluent-plugin-splunk-hec We're currently sending using the /event endpoint. After some testing, if I use the raw endpoint (and batch the events) together the LINEMERGE rule applies. If I use the event endpoint (with batching) it ignores it completely. I was afraid that I'll have to resort to merging the lines with fluentd.. Any other suggestions? ... View more

Why is linemerging not working with Http Event Col...

by in Getting Data In
‎11-06-2018 05:52 AM
1 Karma
‎11-06-2018 05:52 AM
1 Karma
Hey, We're trying to use Splunk HEC (+fluentd) and our existing linemerge rules aren't applied to events pushed using HEC. We have a Splunk forwarder that pushes the same data and the linemerge rules properly applied to them. Am I missing anything? Does HEC ignore merge rules ? ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎06-05-2020 02:04 AM
Karma from
View All