-
Notifications
You must be signed in to change notification settings - Fork 2.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Splunk Hec Exporter - unparsed raw event output #18056
Comments
Pinging code owners: See Adding Labels via Comments if you do not have permissions to add labels yourself. |
That's definitely doable, for logs only obviously. To reiterate some of what we talked about directly:
|
Definitely! All sorta goes without saying but MUST be said! |
Done! |
You're the very best! like no one ever was! 🎵 |
Component(s)
exporter/splunkhec
Is your feature request related to a problem? Please describe.
Ability to send data out to splunk instance as raw text using the raw endpoint.
Currently exporter munges incoming logs into a "hec formatted" event. Adding fields such as
host
and jamming all of the raw payload intoevent
.Would be amazing to have a setting to just pass raw through unparsed and have it be treated as raw at splunk index time.
This would enable using the https://github.com/open-telemetry/opentelemetry-collector-contrib/tree/main/receiver/splunkhecreceiver receiver as a generic webhook receiver, that can then be passed easily on to splunk while handling token auth.
Describe the solution you'd like
A setting to just pass raw through unparsed and have it be treated as raw at splunk index time.
This would enable using the https://github.com/open-telemetry/opentelemetry-collector-contrib/tree/main/receiver/splunkhecreceiver receiver as a generic webhook receiver, that can then be passed easily on to splunk while handling header auth.
Describe alternatives you've considered
Not certain there are other options.
Additional context
If there is a better way to get generic webhook data out to Splunk as raw text from otel, would be happy to know!
The text was updated successfully, but these errors were encountered: