merbla
commented
4 years ago @HakanL do you know what version of Splunk Cloud or HEC is being used?
Closed HakanL closed 4 years ago
merbla
commented
4 years ago @HakanL do you know what version of Splunk Cloud or HEC is being used?
HakanL
commented
4 years ago I'm not sure about HEC, but here's from the about box on Splunk Cloud: Splunk Cloud Version: 7.2.9 Build: 2dc56eaf3546
HakanL
commented
4 years ago After some more tests I've been able to prove that the time property is correctly picked up by Splunk Cloud. I'm closing this issue.
I'm using Splunk Cloud with the httpevent input and the standard SplunkJsonFormatter where the timestamp from Serilog is outputted as a parent property called
time. However it seems that Splunk (Cloud) isn't picking this up, Splunk adds its own time (when the data is received). I'm not sure what the correct solution is, my peers are saying that the timestamp has to be added inside the payload (likeLevelis), but I'm not sure.