Get hands-on experience with 20+ free Google Cloud products and $300 in free credit for new customers.

Remove prefixed default timestamp in message logging policy

Hi, When using the "Syslog" message format to send our apigee logs to Splunk it seems to be adding a particular timestamp format like: "Jul2312:16:17UTC2018Info: " In front of the message. We would like it to be removed as we already provide a timestamp in the message body and screws the formatting when the message is rendered by Splunk.

Jul2312:16:17UTC2018Info: { "index":"sample_api_development", "level":"Info", "traceId":"", "requestId":"", "clientIp":"52.198.177.237", "method":"GET", "endpoint":"", "uri":"/", "queryParameters":"", "responseStatus":"200", "clientReceivedStartTimestamp":"1532348177317", "clientReceivedEndTimestamp":"1532348177317", "targetSentStartTimestamp":"1532348177318", "targetSentEndTimestamp":"1532348177320", "targetReceivedStartTimestamp":"1532348177437", "targetReceivedEndTimestamp":"1532348177437", "clientSentStartTimestamp":"1532348177438", "clientSentEndTimestamp":"1532348177438", "timestamp":"1532348177438" }

Thanks In Advance

0 2 290
2 REPLIES 2

Can you please show your policy configuration?

Also, have you reviewed the documentation?

Did you look through this helpful article? Have you tried ServiceCallout or JavaScript + httpClient?

Yes, I have reviewed the link, please find the attached screenshot of message logging policy configuration and the Splunk log.

Thanks In Advancesplunk.pngmessagelogging-policy.png