splunk / splunk-javascript-logging

Splunk HTTP Event Collector logging interface for JavaScript
http://dev.splunk.com/view/splunk-logging-javascript/SP-CAAAE63
Apache License 2.0
85 stars 48 forks

Losing fields from logged event #7

Closed ecowden closed 8 years ago

ecowden commented 8 years ago

I'm probably just using this library wrong, but I can't seem to send the event I want to send to the HTTP event collector.

I want to send a logging event with an event attribute including both a message and metadata like,

{
    "time": 1426279439,
    "host": "...",
    "source": "...",
    "sourcetype": "...",
    "index": "...",
    "event": {
        "message": "logging message goes here",
        "app": "some miscellaneous metadata",
        "moreMetadata": "actually, there's lots of metadata for the event",
        "severity": "info"
    }
}

I've tried several ways to interact with the Logger.send(...) method without success. First:

const payload = {
  message: "logging message goes here",
  app: "some miscellaneous metadata",
  moreMetadata: "actually, there's lots of metadata for the event",
  severity: "info"
}
splunkLogger.send(payload, err => {
  // ...
})

The event that makes it into Splunk is just the "message" and "severity" fields. I can confirm that the request sent from the library, splunklogger.js:459, is missing the extra metadata fields:

{ json: true,
  strictSSL: false,
  headers: 
   { Authorization: 'xxxxx',
      'Content-Type': 'application/x-www-form-urlencoded' },
   body: '{"time":"1465482320.275","event":{"message":"logging message goes here","severity":"info"}}',
   url: 'http://...' }

... and the result in Splunk:

[Image: screen shot 2016-06-09 at 9 32 22 am]

I've also tried putting the metadata under metadata, but that seems to be reserved for source, sourcetype, index and host.

I've also tried putting all the info under an additional message attribute:

const payload = {
  message: {
    message: "logging message goes here",
    app: "some miscellaneous metadata",
    moreMetadata: "actually, there's lots of metadata for the event",
    severity: "info"
  }
}
splunkLogger.send(payload, err => {
  // ...
})

...and while it does come through...

[Image: screen shot 2016-06-09 at 9 37 16 am]

...we don't want those fields to be message.message or message.app; we really want them at the top level.

I can create and POST the event I want directly to the endpoint and it works as expected. Is there any way to do it with this library?

glennblock commented 8 years ago

Hi @ecowden

Sorry you are having issues.

By default we send in the format that you are seeing, with your custom payload under "message". You can, however, provide a custom formatter in a few lines of code to send in your own custom format and have complete control. If you look at this test you will see how you can do it; basically, you override the eventFormatter function.

Let me know if you have any questions!

ecowden commented 8 years ago

Ahh, now I see what that formatter does...

In case anyone else stumbles across this, I got this working by using a formatter like:

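// Return the payload passed under "message" unchanged, so its fields
// become the top level of "event"; the severity argument is not used.
splunkLogger.eventFormatter = function (message, severity) {
  return message
}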

...and passing in the event I want under message, like:

const event = {
  message: "logging message goes here",
  app: "some miscellaneous metadata",
  moreMetadata: "actually, there's lots of metadata for the event",
  severity: "info"
}
splunkLogger.send({ message: event }, err => {
  // ...
})

Thanks!
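The behaviour discussed in this thread, as an added example that is not part of the original comments and not the library's own code: it shows where the extra fields are lost and how a formatter can flatten them, and goes slightly further than the formatter above by handling string payloads and filling in severity. `buildBody`, `defaultFormatter` and `flatFormatter` are hypothetical stand-ins modelled on the request body shown in the thread; with the real logger, the formatter would be assigned to `splunkLogger.eventFormatter`.

```javascript
// Stand-in for the logger's body builder (assumption, modelled on the request
// body shown in this thread): only message, severity and metadata are read
// from the object passed to send(); every other key is ignored.
function buildBody(context, eventFormatter) {
  const body = Object.assign({}, context.metadata);
  body.time = (Date.now() / 1000).toFixed(3);
  body.event = eventFormatter(context.message, context.severity || "info");
  return body;
}

// Default behaviour as described in the thread: payload nested under "message".
function defaultFormatter(message, severity) {
  return { message: message, severity: severity };
}

// Hypothetical formatter: promote an object payload's fields to the top level
// of "event", and still emit a well-formed object for non-object payloads.
function flatFormatter(message, severity) {
  const isPlainObject =
    message !== null && typeof message === "object" && !Array.isArray(message);
  if (!isPlainObject) {
    return { message: message, severity: severity };
  }
  // Fields in the payload win; severity is filled in only when absent.
  return Object.assign({ severity: severity }, message);
}

// Constructed sample payload, using the field names from the thread.
const sampleEvent = {
  message: "logging message goes here",
  app: "some miscellaneous metadata",
  moreMetadata: "actually, there's lots of metadata for the event",
};

// 1. Fields passed beside "message" are never read, so they are lost.
const lost = buildBody(Object.assign({ severity: "info" }, sampleEvent), defaultFormatter);
// 2. Whole event under "message", default formatter: fields end up nested.
const nested = buildBody({ message: sampleEvent, severity: "warn" }, defaultFormatter);
// 3. Whole event under "message", flat formatter: fields at the top level.
const flat = buildBody({ message: sampleEvent, severity: "warn" }, flatFormatter);
// 4. A plain string still produces an object event with a severity.
const text = buildBody({ message: "disk full" }, flatFormatter);

console.log(JSON.stringify({ lost: lost.event, nested: nested.event, flat: flat.event, text: text.event }, null, 2));
```

Keeping the event an object in every case means searches on fields such as severity or app behave the same whether the caller logged a string or a structured record.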

glennblock commented 8 years ago

👍