Feature
Resolution: Unresolved
Logging 5.8, Logging 5.9
Proposed title of this feature request
Honor Splunk Event metadata key names
What is the nature and description of the request?
Currently, the Splunk Event metadata key names are not honored, where some keys are optional, such as: "time", "host", "source", "sourcetype", "index", "fields".
But, for example, instead of the "host" key, a "hostname" key is received, and a similar situation is observed where the "source" key is not present and a different key is used instead.
Why does the customer need this? (List the business requirements)
1. Receiving the keys as Splunk expects them, as per the Splunk Event metadata
2. Having logs from different log sources, not only OpenShift clusters, normalized under the same keys, for managing them later: filtering/reporting in an easier way
List any affected packages or components.
Collectors: Vector - Fluentd
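
An added example, not part of this request and not code from the Vector or Fluentd collectors, of the normalization being asked for: a flat log record is split into the Splunk Event metadata keys listed above plus an "event" body. The alias table, the `@timestamp` and `log_source` key names, and the sample record are assumptions constructed for illustration; only "hostname" comes from this page.

```python
import json
from datetime import datetime

# Metadata keys named on this page; each is optional in a Splunk event.
HEC_META_KEYS = ("time", "host", "source", "sourcetype", "index", "fields")

# Hypothetical alias table. "hostname" is the key reported on this page;
# "log_source" and "@timestamp" are constructed stand-ins.
ALIASES = {"hostname": "host", "log_source": "source", "@timestamp": "time"}

def to_epoch(value):
    """Return epoch seconds from a number or an ISO 8601 string."""
    if isinstance(value, (int, float)):
        return float(value)
    return datetime.fromisoformat(value.replace("Z", "+00:00")).timestamp()

def to_hec_event(record):
    """Build an event envelope that uses only the standard metadata key names."""
    # Standard keys already present win over any alias for the same key.
    envelope = {k: record[k] for k in HEC_META_KEYS if k in record}
    body = {}
    for key, value in record.items():
        if key in envelope:
            continue
        name = ALIASES.get(key)
        if name and name not in envelope:
            envelope[name] = value      # alias promoted to the standard key
        else:
            body[key] = value           # everything else is event payload
    if "time" in envelope:
        envelope["time"] = to_epoch(envelope["time"])
    # Splunk documents "fields" as a flat object; keep anything else as payload.
    fields = envelope.get("fields")
    if fields is not None and not (
        isinstance(fields, dict)
        and not any(isinstance(v, dict) for v in fields.values())
    ):
        body["fields"] = envelope.pop("fields")
    envelope["event"] = body
    return envelope

# Constructed sample record, not taken from a real cluster.
SAMPLE = {
    "hostname": "worker-0.example.com",
    "@timestamp": "2024-01-01T00:00:00Z",
    "sourcetype": "_json",
    "message": "constructed sample line",
    "level": "info",
}

if __name__ == "__main__":
    print(json.dumps(to_hec_event(SAMPLE), indent=2))
```

Optional keys that are absent from the record are left out of the envelope rather than filled with guesses, so Splunk applies its own defaults for them.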