Hello everyone! We have a container service running on AWS ECS with the Splunk log driver enabled (via an HEC token). At the moment, we found the log lines look awful (see the example below). Also, no event level is filtered.

{ [-] line: xxxxxxxxx - - [16/Sep/2023:23:59:59 +0000] "GET /health HTTP/1.1" 200 236 "-" "ELB-HealthChecker/2.0" "-" source: stdout tag: xxxxxxxxxxx }
host = xxx source = xxx source = xxx sourcetype = xxxx

We would like to make changes in Splunk to ensure the events are in a better-formatted standard, as follows:

Sep 19 03:27:09 ip-xxx.xxxx xx[16151]: xxx ERROR xx - DIST:xx.xx BAS:8 NID:w-xxxxxx RID:b FID:bxxxx WSID:xxxx
host = xxx level = ERROR source = xxx sourcetype = xxx

We do have a log forwarder rule configured (logs for other services are all formatted as above). May I get some help to reformat the logs? Much appreciated!
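As an added illustration (not from the original post, and not a Splunk configuration), the Python below applies the normalization the poster is after to constructed HEC payloads shaped like the ones the Docker/ECS splunk log driver sends in its default inline format: it unwraps the `line` field, derives a level from the message text (access-log lines such as the health check carry none and default to INFO), and drops events below a chosen level. Host, tag and message values are constructed.

```python
import json
import re
from datetime import datetime, timezone
from typing import Optional

# Constructed sample: two HEC payloads as the splunk log driver sends them in
# inline format; the {"line","source","tag"} envelope is what the poster sees
# rendered as "{ [-] line: ... source: stdout tag: ... }".
SAMPLE_HEC_PAYLOADS = [
    '{"time":"1694908799.000000","host":"ip-10-0-1-23","source":"stdout","sourcetype":"httpevent",'
    '"event":{"line":"10.0.0.5 - - [16/Sep/2023:23:59:59 +0000] \\"GET /health HTTP/1.1\\" 200 236 '
    '\\"-\\" \\"ELB-HealthChecker/2.0\\" \\"-\\"","source":"stdout","tag":"web/abc123"}}',
    '{"time":"1695094029.000000","host":"ip-10-0-1-23","source":"stderr","sourcetype":"httpevent",'
    '"event":{"line":"ERROR payment-svc - upstream timeout after 3000ms","source":"stderr","tag":"web/abc123"}}',
]

LEVELS = {"DEBUG": 10, "INFO": 20, "WARN": 30, "ERROR": 40, "FATAL": 50}
LEVEL_RE = re.compile(r"\b(DEBUG|INFO|WARN(?:ING)?|ERROR|FATAL|CRITICAL)\b")
ALIASES = {"WARNING": "WARN", "CRITICAL": "FATAL"}


def unwrap(payload: str) -> dict:
    """Extract time/host/tag/stream/level/message from one inline-format HEC payload."""
    hec = json.loads(payload)
    event = hec["event"]
    if not isinstance(event, dict) or "line" not in event:
        raise ValueError("not an inline-format splunk log driver event")
    line = event["line"]
    m = LEVEL_RE.search(line)
    # Lines without a level token (e.g. the ELB health-check access log) become INFO.
    level = ALIASES.get(m.group(1), m.group(1)) if m else "INFO"
    message = " ".join((line[:m.start()] + line[m.end():]).split()) if m else line
    ts = datetime.fromtimestamp(float(hec["time"]), tz=timezone.utc)
    return {"time": ts, "host": hec.get("host", "-"), "tag": event.get("tag", "-"),
            "stream": event.get("source", "-"), "level": level, "message": message}


def normalize(payload: str, min_level: str = "INFO") -> Optional[str]:
    """Render 'Mon DD HH:MM:SS host tag: LEVEL message', or None if below min_level."""
    f = unwrap(payload)
    if LEVELS[f["level"]] < LEVELS[min_level]:
        return None
    return f"{f['time'].strftime('%b %d %H:%M:%S')} {f['host']} {f['tag']}: {f['level']} {f['message']}"


if __name__ == "__main__":
    for p in SAMPLE_HEC_PAYLOADS:
        print(normalize(p, min_level="WARN") or "(filtered)")
```

The same unwrapping can be avoided at the source by setting the driver's `splunk-format` option to `raw`, which sends the line text instead of the JSON envelope.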