Splunk Hec Exporter - unparsed raw event output #18056
Labels
Comments
greatestusername-splunk
added
enhancement
|
Pinging code owners: See Adding Labels via Comments if you do not have permissions to add labels yourself. |
atoulme
added
priority:p2
|
That's definitely doable, for logs only obviously. To reiterate some of what we talked about directly:
|
|
Definitely! All sorta goes without saying but MUST be said! |
|
Done! |
|
You're the very best! like no one ever was! 🎵 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Component(s)
exporter/splunkhec
Is your feature request related to a problem? Please describe.
Ability to send data out to splunk instance as raw text using the raw endpoint.
Currently exporter munges incoming logs into a "hec formatted" event. Adding fields such as
hostand jamming all of the raw payload intoevent.Would be amazing to have a setting to just pass raw through unparsed and have it be treated as raw at splunk index time.
This would enable using the https://github.com/open-telemetry/opentelemetry-collector-contrib/tree/main/receiver/splunkhecreceiver receiver as a generic webhook receiver, that can then be passed easily on to splunk while handling token auth.
Describe the solution you'd like
A setting to just pass raw through unparsed and have it be treated as raw at splunk index time.
This would enable using the https://github.com/open-telemetry/opentelemetry-collector-contrib/tree/main/receiver/splunkhecreceiver receiver as a generic webhook receiver, that can then be passed easily on to splunk while handling header auth.
Describe alternatives you've considered
Not certain there are other options.
Additional context
If there is a better way to get generic webhook data out to Splunk as raw text from otel, would be happy to know!
The text was updated successfully, but these errors were encountered: