Reputation: 747
How to manually set timestamp for Splunk logs?
I have a database table full of logs, and I would like to upload that into Splunk by executing a query to get an array of logs, then iterating over it and running console.log() on each log. This almost works fine, however the timestamp that Splunk picks up for each log is based on whatever time I run the upload script.
Is there any way I can transform my log object so that Splunk will use the timestamps I provide? For example, one of my logs might look like:
{
id: 2910432221,
log_timestamp: 2019-08-07T19:04:03.000Z,
userId: 2331,
actionId: 45
}
Ideally, I would be able to run something like this, and have the value of splunk_timestamp appear in the Time column in the Splunk dashboard.
console.log({
id: 2910432221,
splunk_timestamp: 2019-08-07T19:04:03.000Z,
userId: 2331,
actionId: 45
})
Is anything like that possible?
Upvotes: 1
Views: 551
Answers (1)
Reputation: 2313
Splunk will try to automatically identify the _time value by picking the first field it encounters matching TIME_FORMAT. You can override this in props.conf.
I believe your problem is in the json object: what you are passing to console.log is not a valid json object. Field names and values should be properly quoted.
{
"id": 2910432221,
"splunk_timestamp": "2019-08-07T19:04:03.000Z",
"userId": 2331,
"actionId": 45
}
Upvotes: 1
Related Questions
- Splunk HEC - Disable multiline event splitting due to timestamp
- Splunk - Assigning custom time
- DateTime format search in the splunk search query
- How to correctly set timestamp in logstach from iis log
- Splunk - Adjusting source file timestamp
- HTTP Event Collector: How to send logs to Splunk Cloud from command line using curl?
- changing timestamp in logstash 1.4.1
- Is it possible to send logs directly to splunk cloud using JavaScript as Google Analytic does?
- How can web and error events be logged to Splunk using node.js?
- How do I change the timespan in a splunk timechart report?