Time should be included in query parameter #27006
Assignees
Labels
Comments
splunkericl
added
enhancement
|
Pinging code owners:
See Adding Labels via Comments if you do not have permissions to add labels yourself. |
|
@atoulme can you take a look at this issue and the PR and see if it makes sense? |
jmsnll
pushed a commit
to jmsnll/opentelemetry-collector-contrib
that referenced
this issue
Nov 12, 2023
This change adds a new feature in splunk hec receiver allowing users to
specify time query parameter. This is to put parity between splunk hec
receiver and splunk HEC raw endpoint
Note: the validation response is slightly different than what splunk
returns. if invalid input is provided for time:
- splunk returns 400 response with this error message:
```
{
"text": "Error in handling indexed fields",
"code": 15,
"invalid-event-number": 0
}
```
- however this doesn't make sense for splunk hec receiver as it is not
indexing anything. Instead, splunk hec receiver will return:
```
{"text":"Invalid data format","code":6}
```
Fixes open-telemetry#27006
---------
Co-authored-by: Antoine Toulme <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Component(s)
receiver/splunkhec
Is your feature request related to a problem? Please describe.
Current Splunk HEC raw endpoint allows
timequery parameter. However, splunk hec receiver doesn't expose this query parameter.To maintain parity between two endpoints,
timeparameter should be accepted and passed into the event timestamp.Describe the solution you'd like
Extracts
timein query parameter in the methodsplunkHecRawToLogDataDescribe alternatives you've considered
No response
Additional context
No response
The text was updated successfully, but these errors were encountered: