Added required epoc time field for Splunk HEC Event Receiver (#14246)

Signed-off-by: Iain <iain@digitalbadger.com>
2026-03-02 09:18:48 -03:30 · 2023-08-21 13:44:52 +01:00
parent 3de8455960
commit 8c7ab8fcf2
1 changed files with 3 additions and 2 deletions
--- a/awx/main/utils/formatters.py
+++ b/awx/main/utils/formatters.py
@@ -283,6 +283,7 @@ class LogstashFormatter(LogstashFormatterBase):
            message.update(self.get_debug_fields(record))
        if settings.LOG_AGGREGATOR_TYPE == 'splunk':
-            # splunk messages must have a top level "event" key
+            # splunk messages must have a top level "event" key when using the /services/collector/event receiver.
-            message = {'event': message}
+            # The event receiver wont scan an event for a timestamp field therefore a time field must also be supplied containing epoch timestamp
            message = {'time': record.created, 'event': message}
        return self.serialize(message)