Home > Net >  Serilog Splunk logged parameters are nested within "event"
Serilog Splunk logged parameters are nested within "event"

Time:09-08

Serilog with Splunk sink writes events in nested structure. It wraps my logged parameters into "events" object. While watching logs on Splunk every time I have to press on " " to expand properties that are actually useful for me. It slows down process of analyzing logs significantly.

Example of how logs are shown:

enter image description here

Is there a way to affect the structure sent to Splunk, like brining everything in "event" one level up? Or maybe there's some setting which could help in Splunk itself?

CodePudding user response:

This appears to be JSON structured data with an 'event' and 'time' field, which is awfully reminiscent of the structure that is used by the 'event' endpoint version of the HTTP Event Collector in Splunk.

Could it be that Serilog is sending to hxxps://yourhechost:port/services/collector/raw when it should be sending to hxxps://yourhechost:port/services/collector/event instead?

CodePudding user response:

added this to your search might help you manually look though the logs

|spath event
|spath input=event (this part is optional)
|table event

Page link:https//www.codepudding.com/net/537260.html

Prev:How to get port a process is listening on in .net?
Next:Disable Close button of window - VSTO - Outlook
  • Related

About Us:  Contact Us      Terms of Service       Privacy Policy

Copyright © 2010-2023,Powered By CodePudding