Splunk HEC only accepts flat JSON object (not nested) #17308
Comments
Pinging code owners for receiver/splunkhec: @atoulme @keitwb. See Adding Labels via Comments if you do not have permissions to add labels yourself.
Pinging code owners for exporter/splunkhec: @atoulme @dmitryax. See Adding Labels via Comments if you do not have permissions to add labels yourself.
Thank you for finding this bug!
@atoulme, I am thinking of fixing this bug later this week. For the receiver, it should return the same error as an actual Splunk HEC does.
Please share your thoughts.
Can this issue be assigned to you? @atoulme
@fatsheep9146 please feel free to assign to me, but it looks like @harshit-splunk is the one doing the work. It should probably go to him.
OK, I assigned this to @harshit-splunk
We can serialise nested arrays, but not sure about the map. AFAIK, Splunk will not populate search-time fields from the indexed field if the indexed field contains any serialised map. User has to write their own field extraction logic in Splunk.
Could we flatten the map, prefixing with the top key?
Yes, that's what I am going to do.
Closing as fixed.
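The flattening proposed in the comments above (nested map keys prefixed with the top key), as an added Go example that is not part of the thread and is not the collector's own code. The "." separator, the JSON serialisation of arrays, the collision check and the names FlattenFields and flattenInto are assumptions of this example.

```go
package main

import (
	"encoding/json"
	"fmt"
)

const sep = "." // key separator; an assumption of this example

// FlattenFields returns a flat copy of fields for the HEC "fields" key:
// nested maps are flattened with the parent key as prefix, arrays become JSON text.
func FlattenFields(fields map[string]any) (map[string]any, error) {
	out := make(map[string]any, len(fields))
	return out, flattenInto(out, "", fields)
}

func flattenInto(out map[string]any, prefix string, in map[string]any) error {
	for k, v := range in {
		key := k
		if prefix != "" {
			key = prefix + sep + k
		}
		switch val := v.(type) {
		case map[string]any:
			if err := flattenInto(out, key, val); err != nil {
				return err
			}
			continue
		case []any:
			b, err := json.Marshal(val)
			if err != nil {
				return err
			}
			v = string(b)
		}
		// A flattened key can collide with a literal key such as "a.b".
		if _, dup := out[key]; dup {
			return fmt.Errorf("flattened key %q collides with an existing key", key)
		}
		out[key] = v
	}
	return nil
}

func main() {
	// Constructed sample: "k8s" holds a nested map and an array.
	in := map[string]any{"env": "prod", "k8s": map[string]any{"pod": map[string]any{"name": "web-1"}, "labels": []any{"a", "b"}}}
	fmt.Println(FlattenFields(in))
}
```

Rejecting key collisions instead of overwriting keeps one field from silently replacing another when the flattened event is indexed.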
Component(s)
exporter/splunkhec, receiver/splunkhec
What happened?
Description
According to the Splunk HEC doc, "fields" key specifies a JSON object that contains a flat (not nested) list of explicit custom fields to be defined at index time.
Steps to Reproduce
Execute the following curl request
It throws this error
The implementation of the splunkhec exporter and receiver doesn't handle it explicitly. It can lead to unexpected failure/invalid behaviour in both the exporter/receiver.
Collector version
v0.67.0
Environment information
No response
OpenTelemetry Collector configuration
No response
Log output
No response
Additional context
No response