Financial-Times / splunk-heroku

Support for Heroku log drains packaged as a Splunk app.
https://tech.in.ft.com/tech-topics/logging/splunk/logging-from-heroku
MIT License

Map Heroku request logs to the Splunk CIM for Web #38

Closed sjparkinson closed 2 years ago

sjparkinson commented 2 years ago

See https://docs.splunk.com/Documentation/CIM/5.0.1/User/Web.

I believe we would use field aliases to align the fields sent by Heroku with the CIM fields for Web.

This would benefit the Enterprise Security product which leans on the Splunk common information models. It would enable the inclusion of Heroku request logs in any evaluations that the SIEM product runs.
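A sketch of what such a mapping could look like, added here as an illustration and not taken from this repository or written by the issue author. The sourcetype `example:heroku:router` and the eventtype name are hypothetical, and the sample event is constructed; the field names on the left are the key=value pairs in Heroku router log lines, and those on the right are fields of the CIM Web data model.

```ini
# Constructed sample of a Heroku router event (key=value pairs, extracted at search time):
#   at=info method=GET path="/login" fwd="203.0.113.7" dyno=web.1 connect=1ms service=18ms status=200 bytes=1342

# --- props.conf ---
# Hypothetical sourcetype name; use the one the app actually assigns to router logs.
[example:heroku:router]
# "status" and "bytes" already carry the CIM Web names, so they need no alias.
FIELDALIAS-cim_web_http_method = method AS http_method
FIELDALIAS-cim_web_uri_path    = path AS uri_path
# "fwd" is taken from X-Forwarded-For and may hold several comma-separated
# addresses; only the entry appended by the Heroku router was observed by Heroku,
# earlier entries are client-supplied.
FIELDALIAS-cim_web_src         = fwd AS src
# An alias would copy "18ms" verbatim. CIM response_time is numeric
# (milliseconds), so strip the unit with a calculated field instead.
EVAL-response_time = tonumber(replace(service, "ms$", ""))

# --- eventtypes.conf ---
# Hypothetical eventtype selecting router request events.
[example_heroku_router_request]
search = sourcetype="example:heroku:router" method=* status=*

# --- tags.conf ---
# The CIM Web data model selects events by tag=web, so aliases alone are not
# enough for Enterprise Security to pick the events up.
[eventtype=example_heroku_router_request]
web = enabled
```

Calculated fields are evaluated after field aliases at search time, so the `EVAL-` line can read `service` directly without depending on any alias.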