Remove prefixed default timestamp in message loggi...

nandishnandy · 07-23-2018 03:32 AM

Hi, When using the "Syslog" message format to send our apigee logs to Splunk it seems to be adding a particular timestamp format like: "Jul2312:16:17UTC2018Info: " In front of the message. We would like it to be removed as we already provide a timestamp in the message body and screws the formatting when the message is rendered by Splunk.

Jul2312:16:17UTC2018Info: { "index":"sample_api_development", "level":"Info", "traceId":"", "requestId":"", "clientIp":"52.198.177.237", "method":"GET", "endpoint":"", "uri":"/", "queryParameters":"", "responseStatus":"200", "clientReceivedStartTimestamp":"1532348177317", "clientReceivedEndTimestamp":"1532348177317", "targetSentStartTimestamp":"1532348177318", "targetSentEndTimestamp":"1532348177320", "targetReceivedStartTimestamp":"1532348177437", "targetReceivedEndTimestamp":"1532348177437", "clientSentStartTimestamp":"1532348177438", "clientSentEndTimestamp":"1532348177438", "timestamp":"1532348177438" }

Thanks In Advance

dchiesa1

Can you please show your policy configuration?

Also, have you reviewed the documentation?

Did you look through this helpful article? Have you tried ServiceCallout or JavaScript + httpClient?

nandishnandy

Yes, I have reviewed the link, please find the attached screenshot of message logging policy configuration and the Splunk log.

Thanks In Advancesplunk.png messagelogging-policy.png

Remove prefixed default timestamp in message logging policy