nodejs SplunkLogger - json message is not parsed

ngoodrich · ‎12-19-2018

I am using the manual batching example from the docs.

I am sending the following data to the logger.send function:

const obj = {
      oid: 'bluesun',
      tid: 'transaction_id',
      type: 'error',
      msg: 'I broke something bad'
    }

this.logger.send({
      message: obj,
      metadata: {
        source: 'awsBot',
        sourcetype: 'event-bus'
      },
      severity: 'error'
})

However, none of the fields in the json object appear to be parsed when coming into splunk.

This index is shared by other services that are logging in other formats so we can't override the entire index to expect json formatted messages, but is there a way to force these messages from this source to be parsed as json?

rohan05 · ‎06-10-2024

I am facing the same issue. Not able to see any of the data in splunk. Did you find the solution to get the data?

Please let me know how to resolve this issue.

ngoodrich · ‎12-20-2018

@sdchakraborty That did not work.

sdchakraborty · ‎12-19-2018

Hi,

will it be possible for you to make the sourcetype "_json"? That cloud resolve your issue.

Sid

nodejs SplunkLogger - json message is not parsed

Enterprise Security Content Update (ESCU) | New Releases

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

Index This | What are the 12 Days of Splunk-mas?