×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
y2000maxima
Engager
Member since: ‎04-07-2023
‎04-10-2024
Community Statistics
Posts 4
Solutions 0
Karma Given 1
Karma Received 0
Member Since ‎04-07-2023
Activity Feed
View All

Re: Upgrade Readiness App

by in Splunk Enterprise
‎04-10-2024 12:20 PM
‎04-10-2024 12:20 PM
Hi. Were you able to overcome this issue?   ... View more

Re: Ingesting and 'Transforming' AWS SQS Messages

by in Getting Data In
‎04-11-2023 10:00 AM
‎04-11-2023 10:00 AM
Thank you again!  ... View more

Re: Ingesting and 'Transforming' AWS SQS Messages

by in Getting Data In
‎04-10-2023 06:37 AM
‎04-10-2023 06:37 AM
Thank you very much tscroggins.  We will try your suggestion out.   Hopefully being on Splunk SaaS won't prevent our ability to do this.  Thank you ... View more

Ingesting and 'Transforming' AWS SQS Messages

by in Getting Data In
‎04-07-2023 09:24 AM
‎04-07-2023 09:24 AM
Hello,       We are trying to ingest JSON based messages from an AWS SQS topic.    When ingesting the messages we are finding extra added json around the actual Message we are trying to ingest.  The extra JSON is automatically added in by AWS SQS.  The actual Message we want to ingest has the xpath of  "?BodyJson?Message".    Can we configure the Splunk TA to pull the SQS Messages off the topic but apply some type of xpath or transform to only ingest the Message (?BodyJson?Message).     See screenshot below.  While pulling the message off the SQS topic we only want the message in the green rectangle.   but its buried in all the other json.... Actual JSON to whole message above in screenshot. { "MessageId": 23411111111444, "ReceiptHandle": "y", "MD5OfBody": 23411333333333111111444, "Body": "{\n \"Type\" : \"Notification\",\n \"MessageId\" : \"xxxxxxx-xxx-xxxxxx\",\n \"TopicArn\" : \"arn:topic123\",\n \"Message\" : \"{\\\"timestamp\\\": \\\"1680882420000\\\", \\\"metric_name:test\\\": \\\"0\\\", \\\"aggregation\\\": \\\"avg\\\", \\\"resolution\\\": \\\"1m\\\", \\\"unit\\\": \\\"Percent\\\", \\\"entity.id\\\": \\\"SERVICE-12345\\\", \\\"entity.name\\\": \\\"test\\\", \\\"source.name\\\": \\\"testsource\\\"}\",\n \"Timestamp\" : \"2023-04-07T15:56:02.509Z\",\n \"SignatureVersion\" : \"1\",\n \"Signature\" : \"23423423423\",\n \"SigningCertURL\" : \"https://sns.u234234234234234234\",\n \"UnsubscribeURL\" : \"https://sns.23423423423423423423\"\n}", "Attributes": { "SenderId": "xxxxxxxxxxxxxxx", "ApproximateFirstReceiveTimestamp": "1680882978026", "ApproximateReceiveCount": "1", "SentTimestamp": "1680882962536" }, "BodyJson": { "Type": "Notification", "MessageId": "xxxxxxxxxxxxxxxxx", "TopicArn": "arn:aws:sns:us-east-1:996142040734:APP-4498-dev-PerfEngDynatraceAPIClient-DynatraceMetricsSNSTopic-qFolXGcy2Ufh", "Message": "{\"timestamp\": \"1680882420000\", \"metric_name:test\": \"0\", \"aggregation\": \"avg\", \"resolution\": \"1m\", \"unit\": \"Percent\", \"entity.id\": \"SERVICE-12345\", \"entity.name\": \"test\", \"source.name\": \"testsource\"}", "Timestamp": "2023-04-07T15:56:02.509Z", "SignatureVersion": "1", "Signature": 23423423423, "SigningCertURL": "https://sns.u234234234234234234", "UnsubscribeURL": "https://sns.23423423423423423423" } } ... View more
Labels
Contact Me
Online Status
Offline
Date Last Visited
‎04-10-2024 03:41 PM
Karma given to
View All