Task
Resolution: Done
Release Note Not Required
Log Collection - Sprint 268, Log Collection - Sprint 269
Summary
Extend the ClusterLogForwarder to support Splunk metadata fields when forwarding logs
so that we enable better integration with Splunk.
Acceptance Criteria
- Verify the Collector sets `host` to the value of `hostname` when forwarding logs
- Verify the ClusterLogForwarder API has fields that allow setting `source` using the ClusterLogForwarder templating
- Verify the ClusterLogForwarder API has fields that allow setting `index_fields` using path syntax
- Verify the Collector sets `host`, `source`, `sourcetype` with Red Hat 'defaults' when not otherwise specified in the ClusterLogForwarder
- Verify the Collector forwards logs with the desired data when the metadata fields are set in the API
Notes
- Define default values for those keys when not specified by the user.
- Support user configuration of these metadata keys via templating mechanisms.
- Work around some limitations by transforming field names and values before forwarding:
  - Nested fields must be flattened into top-level fields.
  - Unsupported characters are replaced with underscores (_).
  - Non-string values are converted to strings.
  - Objects are serialized to JSON strings.
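The field transformation listed in the notes above, sketched in Python as an added example (this is not the operator's or the collector's own code). Assumptions: only ASCII letters, digits and `_` are supported in a field name, a path may quote a segment that itself contains dots, and the function names and the sample record are constructed for illustration.

```python
import json
import re

# Assumption: any character outside [A-Za-z0-9_] is "unsupported" in a field name.
_UNSUPPORTED = re.compile(r"[^A-Za-z0-9_]")
# Assumption: a path segment is either "quoted" (may contain dots) or bare.
_SEGMENT = re.compile(r'"([^"]*)"|([^."]+)')
_MISSING = object()

def segments(path):
    """Split '.a.b."c.d/e"' into ['a', 'b', 'c.d/e']."""
    return [quoted or bare for quoted, bare in _SEGMENT.findall(path)]

def field_name(path):
    """Flatten a nested path into one top-level name, replacing unsupported characters."""
    return "_".join(_UNSUPPORTED.sub("_", s) for s in segments(path))

def field_value(value):
    """Strings pass through; numbers, booleans and objects become (JSON) strings."""
    if isinstance(value, str):
        return value
    return json.dumps(value, separators=(",", ":"), sort_keys=True)

def lookup(record, path):
    node = record
    for key in segments(path):
        if not isinstance(node, dict) or key not in node:
            return _MISSING
        node = node[key]
    return node

def build_indexed_fields(record, paths):
    """Return the flat string-to-string map built from the selected paths."""
    fields = {}
    for path in paths:
        value = lookup(record, path)
        if value is not _MISSING:  # paths absent from the record are skipped
            fields[field_name(path)] = field_value(value)
    return fields

# Constructed sample record and path selection, not taken from a real cluster.
SAMPLE = {"hostname": "worker-0.example.internal", "log_type": "application",
          "kubernetes": {"namespace_name": "payments", "container_restarts": 3,
                         "labels": {"app.kubernetes.io/name": "api", "tier": "backend"}}}
PATHS = [".log_type", ".kubernetes.namespace_name", ".kubernetes.container_restarts",
         ".kubernetes.labels", '.kubernetes.labels."app.kubernetes.io/name"', ".missing.field"]

if __name__ == "__main__":
    print(json.dumps(build_indexed_fields(SAMPLE, PATHS), indent=2))
```

Two different paths can flatten to the same name (for example `.a.b` and `.a_b`); in this sketch the later path overwrites the earlier one.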
- is related to LOG-7253: The splunk event host is splunk address when payloadKey is specified. (Closed)