Hi Team,

I am new here and would like to find a way to tackle this problem. I have structured JSON events that I am able to push to the HTTP Event Collector and create dashboards. However, if I save the same JSON event data to a log file and use the forwarder, then Splunk is unable to extract the fields. My sample JSON event is below.

{
  "time": 1668673601179,
  "host": "SAG-13X8573",
  "event": {
    "correlationid": "11223361",
    "name": "API Start",
    "apiName": "StatementsAPI",
    "apiOperation": "getStatements",
    "method": "GET",
    "requestHeaders": {"Accept": "application/json", "Content-Type": "application/json"},
    "pathParams": {"customerID": "11223344"},
    "esbReqHeaders": {"Accept": "application/json"}
  }
}

If I post this to the HTTP Event Collector, I am able to see the fields correctly, like below.

If I save the same JSON data to a log file and the forwarder sends this data to Splunk, it couldn't parse the data properly. All I see is like below. The event fields are not extracted properly, including the timestamp.

Should I format the JSON data in any other way before writing it to the log file? Or do any other configurations need to be done to make it work? Please let me know.

Thank you