Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ADDON-77801 Added support for ingesting json event using conte… #376

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

ADDON-77801 Added support for ingesting json event using conte… #376

wants to merge 1 commit into from
+7 −1

Conversation

spanchal-crest
Copy link

Jira: https://splunk.atlassian.net/browse/ADDON-77801

Added support for ingesting the json event using contentctl.

For the windows TA, the SPL2 transformed logs have additional fields along with _raw. So, in order to ingest those samples we need to use services/collector/event endpoint as we want to ingest json data.

For ingesting the events in json format, we should have the below format of the event.
{"event": "raw_event", "fields" : {"fields1" : "value1", "fields2" : "value2"}}

@spanchal-crest spanchal-crest force-pushed the ADDON-77801-support-for-ingesting-json-events branch from 1f21143 to 0f3be11 Compare March 5, 2025 05:14
@pyth0n1c
Copy link
Contributor

pyth0n1c commented Mar 9, 2025

Had some internal discussion directly with the PR author about this, so this PR may change. As such I have converted it to draft at this time.

@pyth0n1c pyth0n1c added WIP Draft and removed WIP labels Mar 9, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mgazda-splunk mgazda-splunk

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
Draft
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@spanchal-crest @pyth0n1c